In the absence of federal privacy legislation and in response to growing public concern over businesses’ use of personal data here in the U.S., more states are filling the void that exists in the area of consumer privacy protection. Earlier this year, Virginia passed the Virginia Consumer Data Protection Act (CDPA), and more recently, Colorado introduced the Colorado Privacy Act (CPA) on July 7th, 2021. Both of these laws will take effect in 2023.
In addition, privacy legislation is currently under consideration in Washington, New York and Minnesota. For companies who do business throughout the U.S., the onerous compliance obligations presented by this patchwork of privacy laws might best be managed by complying with the most restrictive requirements across the board, rather than trying to implement and manage state-by-state requirements.
Side-by-Side Comparison
This chart summarizes and compares the privacy laws in California, Virginia and Colorado. These summaries are meant to highlight the main requirements of these laws, and are not comprehensive. Companies should work with their lawyers to create a compliance program that best suits their needs.
If your business is impacted by Virginia’s CDPA, Colorado’s CPA, or both, it is important to review your privacy policies and practices and prepare for compliance by 2023. We are happy to help.