Overview
In the absence of a comprehensive federal privacy law, states continue to fill the void by passing new consumer privacy laws. During this webinar, David Saunders and Michelle Lease, Technology Policy Issue Manager at Intuit, Inc., discussed the applicability of these laws and examined some of the new requirements in the laws that passed in 2024. The speakers also made predictions about which states will be next in the race to regulate privacy.
Top takeaways included:
- States are no longer passing laws that look alike. 2024 saw the passage of several state laws that deviate from the Colorado/Connecticut/Virginia model in significant ways, and that will require substantial time and effort for companies to come into compliance. The speakers predicted that this trend would continue and encouraged companies to adopt a forward-looking approach in their compliance efforts.
- Count your website visitors! If you have cookies on your website, you are probably processing the personal information of state residents. Those website visitors may be sufficiently numerous to trigger application of state law, even for companies that are otherwise exempt from the state privacy laws like financial institutions and healthcare companies.
- State law restrictions on the sale of sensitive personal information vary. How states treat sensitive personal information – and what constitutes sensitive personal information – varies among states. A new wrinkle was added in 2024 when Maryland passed a law that largely prohibited the sale of sensitive personal information.
- State laws are increasingly mandating that businesses honor universal opt-outs. Many new state laws are requiring websites to honor browser opt-out signals, and doing so is quickly becoming an industry norm. According to the speakers, it is essential to begin socializing these signals with business teams.
