ASSESSMENTS

What to Expect as U.S. States Begin Enforcing Data Privacy Laws

MIN READJan 19, 2023 | 18:28 GMT

A photo taken on April 26, 2022, shows the sign outside a Google office in San Francisco, California.

A photo taken on April 26, 2022, shows the sign outside a Google office in San Francisco, California.

(Justin Sullivan/Getty Images)

Five U.S. states will begin enforcing new EU-styled data privacy laws in 2023, which will create more stringent data requirements for companies operating in these states, posing financial and reputational risks for companies that fail to comply. California, Colorado, Connecticut, Utah and Virginia are all slated to enact changes to their data privacy legislation later in the year and two of these states have already made the changes effective as of Jan. 1. These new laws integrate a number of modifications based on the European Union's General Data Protection Regulation (GDPR), a legal framework that pursues a ''rights-based approach'' to data protection and is arguably the most stringent data privacy legal framework in the world. These newly enacted and proposed state laws incorporate broader definitions for personally identifiable information (PII), stricter requirements regarding data collection and processing and certain oversight assessments to ensure improved data security practices....

image of globe

Connected Content

Article Search