2019: The Inflection Point for Data Privacy
There were other positive developments this year. From a regulatory perspective in the US, Nevada’s SB220 went into effect on October 1, 2019, requiring businesses to provide notice of a designated email, toll-free number, or website address that allows consumers the right to opt-out of the “sale” of their personal information. In November, Democratic senators led by Sen. Maria Cantwell introduced a new federal data privacy bill. If ultimately enacted into law, the federal bill would provide similar data protections as GDPR offers in the EU and create a new FTC enforcement bureau. The most comprehensive privacy act so far was passed by the State of California. It goes into effect on January 1, 2020, and is the first meaningful effort in the country to give consumers control over their identifiable information. The law requires businesses to disclose what personal data they collect, what they intend to use the data for, who it will be shared with, and the ability for consumers to opt-out of their personal information being sold or shared. Businesses must also comply with consumer requests for their data to be deleted.