The states at the forefront of consumer privacy legislation

California and others have begun to pass consumer privacy laws while lawmakers in Congress are beginning to address the issue as well. Following is a snapshot of what's been approved and what is still under consideration.

California

sacramento-calif-capitol-fotolia.jpg
The California Consumer Privacy Act was approved by lawmakers in June 2018 and is set to take effect in January 2020. The law requires companies with California residents as customers to abide by heightened disclosure standards and gives consumers considerable control over how their personal data is used.

The legislature approved language in September 2018 clarifying a carve-out for financial institutions under the Gramm-Leach-Bliley Act, although it does not exempt the sector from the law entirely.

Vermont

Vermont
Welcome sign of the state of Vermont
Vermont passed a law regulating data brokers in May, and it went into effect in January. Data brokers, which buy and sell consumer information, must now register with the state's attorney general, make annual disclosures regarding privacy practices and data breaches and maintain a comprehensive information security program.

Colorado

Denver
City of Denver Colorado with morning sun star
Colorado passed a law in May 2018 that raises standards around data security in the state. The law, which went into effect in September, mandates that companies maintain "reasonable" security practices and appropriately dispose of documents containing consumers’ personal information and ensure data is protected when transferred to third parties. Consumers must also be notified of data breaches within a 30-day time frame.

New Jersey

New Jersey Capitol Building in Trenton
The New Jersey State House in Trenton.
In July 2017, New Jersey passed a bill that limits a merchant’s ability to collect information about shoppers and pass that data on to third parties; it took effect in October 2017.

More state bills pending...

data-privacy1.jpeg
Network Safety Concept with Businessman Touching Closed Padlock as Symbol of Security. Internet Security Technologies. Password Access Protection.
New York State Sen. Brad Madison Hoylman proposed a bill in January that would give consumers the right to know what information is being collected about them from companies and how it’s being disclosed to third parties — similar to California’s new privacy law.

Meanwhile, a bill that state Sen. Reuven Carlyle of Washington introduced in January would also give consumers the ability to find out whether their personal information is being collected by companies and whether it is being sold to others.

Republican proposals in Congress

p19ipf54g414f5150nmjju181aghf.jpg
Sen. Marco Rubio, R-Fla., introduced legislation in January that would direct the Federal Trade Commission to draft new consumer privacy restrictions that would then have to be approved by Congress.

At the same time, Sen. John Thune, R-S.D., chairman of the Senate Commerce Committee, said last fall that he plans to pursue legislation on the issue. “We’re trying to take some of the best ideas out there” and “incorporate them into a legislative package,” he told Politico in September.

Over in the House, Rep. Marsha Blackburn, R-Tenn., introduced a bill last term that would impose more consumer rights around online privacy, including limiting the ability to social media companies to share a user's personal information.

Democratic proposals on the Hill

schatz-brian-013119.jpg
Senator Brian Schatz, a Democrat from Hawaii, speaks during an interview in Washington, D.C., U.S., on Thursday, May 7, 2015. Schatz, who opposes fast-track legislation, said he will back Senate Minority Leader Harry Reid's effort to force the Senate to consider bills to extend federal highway funding and modify U.S. surveillance laws before turning to trade legislation. Photographer: Andrew Harrer/Bloomberg *** Local Caption *** Brian Schatz
Sen. Brian Schatz, D-Hawaii, sponsored a bill in December 2018, backed by more than a dozen Democratic colleagues, that would require companies to safeguard personal consumer data online and prohibit firms from using the information in ways that would be harmful to customers.

In November 2018, Sen. Ron Wyden, D-Ore., released draft legislation that would give the FTC more power to punish companies for privacy violations, require companies to submit an annual privacy protection report and mandate the creation of a national website that would allow consumers to opt out of data sharing online.

The office of Sen. Mark Warner, D-Va., published a white paper over the summer outlining steps that could be taken to regulate social media and tech companies, including creating legislation similar to Europe’s strict privacy policy, the General Data Protection Regulation.

On the House side, Rep. Hank Johnson, D-Ga., introduced two measures last year aimed at improving consumer privacy on mobile devices and allowing consumers to opt out of big-data collection and use.
MORE FROM AMERICAN BANKER