In 2016, the European Union passed the General Data Protection Regulation (GDPR). As the world’s first comprehensive digital privacy law, the GDPR applies to all companies that operate in or collect information from residents of EU member states. The GDPR changed the game by aggressively targeting the lack of transparency and consent that had been the hallmark of most modern consumer data collection practices.
Because the US doesn’t have a federal data privacy law, it was up to individual states to pass laws protecting how consumer information is collected and processed. In 2018, the California Consumer Privacy Act (CCPA) became the U.S.’s first privacy regulation. Since then, Virginia, Colorado, and Utah have all enacted similar bills.
On May 10, 2022, after years of bipartisan effort, Connecticut’s SB 6 became the Connecticut Data Privacy Act (CTDPA), the fifth U.S. privacy law to be enacted. Most similar to the Colorado Privacy Act (CPA), the CTDPA may prove to be a tipping point that forces Congress to get serious about passing a federal statute.
Until then, being proactive about your privacy program is the best way to make sure your company is ready to satisfy its legal obligations and meet your clients’ expectations for data privacy and protection. Red Clover Advisors has the knowledge and experience you need to do both.
Data privacy isn’t just an obligation. It’s a value-add that shows your users you’re serious about improving their experience.