As states continue to announce and implement data privacy regulations that create a patchwork of legislation for multi-state businesses to navigate, Bass, Berry & Sims attorney Roy Wyman was quoted in a Compliance Week article highlighting this complicated landscape and the challenges it presents companies.
As 11 individual states have taken on the issue of protecting consumer data with new regulations, Roy noted that the statutes don’t align and have made it exceedingly difficult and costly to comply. Many of the laws are largely similar but just different enough to make compliance challenging, such as how each state’s law defines key terms like “sensitive information” and “personal information.”
“What’s legal in one state is illegal in another,” Roy said. Further, businesses may be subject to the laws even when they are not doing much in those states. “If you sell to just one person in Texas, it could potentially pull you in,” Roy added as an example, which could lead some small businesses to decide not to sell to anyone in a particular state rather than implement privacy protections for those consumers.
In determining whether to apply a consistent approach across all the states in which a business operates or whether it makes sense to comply with each state individually, Roy suggested that either approach is fine and likely depends on the size, complexity, footprint and data usage plans of the company. Ultimately, businesses need to monitor each new state privacy law to determine whether there are any changes needed in their strategy and data policies.
The full article, “From 5 to 11: Keeping Up with New State Data Privacy Laws,” was published by Compliance Week on September 6 and is available online (subscription required).