state privacy law workshop
play

State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe - PowerPoint PPT Presentation

State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe and Maggie Martin Presenters Libbie Canter Kate Goodloe Maggie Martin ECanter@cov.com m aggie.m artin@capitalone.com kateg@bsa.org 2 Agenda Comprehensive Privacy Laws


  1. State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe and Maggie Martin

  2. Presenters Libbie Canter Kate Goodloe Maggie Martin ECanter@cov.com m aggie.m artin@capitalone.com kateg@bsa.org 2

  3. Agenda  Comprehensive Privacy Laws  Where Are We?  The Substance  The Battlegrounds  Other Privacy Topics  Biometrics  IoT  Artificial Intelligence  Health and Genetic Privacy  Cybersecurity 3

  4. Part I Comprehensive Privacy Laws 4

  5. Where Are We? 5

  6. 2019 Privacy Proposals Introduced Passed one chamber Task force or study formed Signed into law ffsdf 6

  7. 2020 Privacy Proposals Introduced Passed one or more chamber Hearings held Signed into law Ballot initiative ffsdf 7

  8. The Battle in Washington State 8

  9. The Battle in Washington State 9

  10. Coronavirus Impact 10

  11. The Substance 11

  12. Key Battleground Issues  Enforcement, including private right of action  Scope of personal information covered  How “identifying” is it? To whom?  Application to employee and household data  Exclusions for de-identified or pseudonymous data  Exemptions for federally regulated entities 12

  13. Key Battleground Issues  Scope of rights with regard to sharing of data  Rights with respect to targeted advertising  Right to opt out of any disclosure of personal information  Additional consumer rights  “Other” issues (e.g. facial recognition)  Distinguishing between “controllers”/businesses and “processors”/third parties or service providers 13

  14. Key Legislative Models 14

  15. Minnesota HF 3096 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale Sale/Disclosure Restrictions Other Rights Non-discrimination Accountability Other Features Enforcement AG & PROA 15

  16. New Hampshire HB 1680 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only (except PRA for data breaches) 16

  17. Connecticut SB 134 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only (except PRA for data breaches) 17

  18. Nebraska LB 746 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only 18

  19. Illinois SB 3299/ HB 5603 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only 19

  20. Arizona SB 1614 Factors Content of Law Personal Data Covered All consumers when any aspect of commercial conduct takes place in AZ  (but only if business sells data) Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features HCR 2013 expresses preference for federal standard Enforcement AG only (except PRA for data breaches) 20

  21. Maryland SB 957 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt-out from sale and disclosure Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG, PRA (violation of CPA) 21

  22. Illinois SB 2330 Factors Content of Law Personal Data Covered Employee exception  Transparency  Access Rights  Deletion  Opt-out from sale and disclosures Sale/Disclosure Restrictions  Correction and opt out of processing Other Rights Accountability Risk assessments Other Features Enforcement AG only (except PRA for data breaches) 22

  23. Massachusetts S. 120 Factors Content of Law Personal Data Covered Narrow Employee Exception  Transparency  Access Rights  Deletion  Opt-out from third-party disclosure Sale/Disclosure Restrictions Other Rights Accountability Other Features Prohibits disclosure of PI if a business knows/willfully disregards under 18 Enforcement AG Enforcement & PRA 23

  24. Florida SB 1670 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  (contemplated, but not clear) Access Rights Deletion X  Opt-out from sale Sale/Disclosure Restrictions  Correction right contemplated Other Rights Accountability Other Features Enforcement Dep’t of Legal Affairs only (no PRA) 24

  25. Louisiana HB 617, HB 654 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights Deletion X  Opt-out from sale Sale/Disclosure Restrictions  Correction right contemplated Other Rights Accountability Other Features Restrictions on use of public records data for marketing/solicitations Enforcement DOJ only 25

  26. Washington PSSB 6281 Factors Content of Law Personal Data Covered Commercial/Employment exceptions  Transparency  Access Rights  Deletion  Opt out of sale Sale/Disclosure Restrictions  Rights to correction; opt out of targeted Other Rights advertising and profiling Accountability Data protection assessments Other Features Facial recognition regulation Enforcement Initially AG only; PRA added 26

  27. Wisconsin AB 870, 871, 872 Factors Content of Law Personal Data Covered All Wisconsin residents  Transparency  Access Rights  Deletion Sale/Disclosure Restrictions Via right to restrict processing  Right to restrict processing and Other Rights nondiscrimination Accountability Recordkeeping requirements Other Features Requires basis to process personal data; further limits sensitive personal data Enforcement AG only 27

  28. Arizona HB 2729 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt out of sale Sale/Disclosure Restrictions  Rights to correction; restriction of Other Rights processing Accountability Other Features Enforcement AG only 28

  29. Minnesota SF 2912 Factors Content of Law Personal Data Covered Employee exception  Transparency  Access Rights  Deletion  Objection to targeted advertising Sale/Disclosure Restrictions (includes sale)  Objection to Processing, Rectification, Other Rights Profiling Accountability Risk Assessments Other Features Enforcement AG only 29

  30. Virginia HB 473 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt out of sale for targeted ads Sale/Disclosure Restrictions  Rights to correction and to object to Other Rights processing and/or targeted advertising Accountability Risk assessments Other Features Enforcement Broad PRA 30

  31. New York Privacy Act – S 5642 Factors Content of Law Personal Data Covered Broad definition, but excludes employees and contractors  Privacy notice Transparency  Access, Correction, Deletion, Restrict Consumer Rights processing, Portability, Object to processing, Profiling restriction  Opt-in (sale and processing) Sales/ Disclosure Restrictions  Likely an indirect requirement Accountability Other Features No minimum company revenue threshold, Fiduciary duty, Pass through Enforcement AG, PRA: injunction/ damages (+atty’s fees) 31

  32. Vermont H. 899 Factors Content of Law Personal Data Covered Not clearly defined  (must include monetary value of data) Transparency Access Rights X  (social networking services only) Deletion Sale/Disclosure Restrictions X Other Rights Accountability Other Features Facial recognition restrictions Enforcement AG only 32

  33. Rhode Island H. 7778 Factors Content of Law Personal Data Covered All State Residents  Transparency Access Rights X Deletion X Sale/Disclosure Restrictions X Other Rights X Accountability X Other Features Enforcement AG only 33

  34. Uniform Law Commission ULC – Timeline Winter/Spring 2020 Drafting sessions Summer 2020 First reading draft to full ULC Summer 2021 Final draft to full ULC Summer 2022 Available for adoption by states 34

  35. Uniform Law Commission Factors Content of Law Personal Data Covered Excludes employees  + “privacy commitment” Transparency  Access, Correction, Deletion, Confirmation Consumer Rights of Processing Sales/ Disclosure Restrictions Opt-out of targeted advertising, profiling Accountability Privacy impact assessments, privacy officers Other Features Duties of: loyalty, data minimization, purpose limitation, nondiscrimination, data security Enforcement AG, PRA 35

Recommend


More recommend