On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill No. 332, “An Act concerning online services, consumers, and personal data” (“SB 332”). New Jersey is the fourteenth state to pass a comprehensive consumer privacy bill, and the obligations and rights created by SB 332 follow the format used in a growing number of states that have passed comprehensive consumer privacy laws.
Scope and Exemptions
SB 332 imposes obligations on “controllers” – entities or individuals that determine the purpose and means of processing personal data – that ...
On June 16, 2023, Nevada enacted Senate Bill 370 (“SB 370”), which imposes broad restrictions on the collection, use, and sale of consumer health data. This law is set to go into effect on March 31, 2024.
More than just New Year’s resolutions went into effect when the clock struck midnight on January 1, 2023. The California Privacy Rights Act (“CPRA”) and the Virginia Consumer Data Protection Act (“VCPDA”) are now effective in California and Virginia, respectively. These comprehensive data privacy laws, along with three other state laws going into effect this year, establish new and complex obligations for businesses. If your business has not taken steps to prepare for these privacy laws, it is high time to start that process to avoid violations and enforcement likely to follow later in the year. See below for a timeline of key dates.
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) gives consumers increasingly more control over their personal information when collected by businesses subject to the law. We have previously discussed the compliance requirements of these data privacy laws on organizations doing business in California.[1] Significantly, CCPA/CPRA defines the term “consumer” to mean any California resident; which from a business perspective, such a broad definition encompasses not only the business’s individual customers, but also its employees, job-applicants or even business-to-business (B2B) contacts. With the moratoriums currently in place for B2B and employee/applicant data sunsetting on January 1, 2023 and not likely to be extended, and the prospect for federal data privacy legislation with wide preemptive effect of state law looking less likely, businesses should be actively preparing to meet these expanded statutory obligations.
Connecticut becomes the fifth state to pass a comprehensive privacy law. Are you prepared for state privacy law compliance required in 2023?
Blog Editors
Recent Updates
- Just Released: Telemental Health Laws – Download Our Complimentary Survey and App
- HISAA: New Legislation Would Bring Cybersecurity Requirements for HIPAA Covered Entities and Business Associates
- Post-Hurricane Flexibilities Offered by the U.S. Department of Health and Human Services Through the Centers for Medicare & Medicaid Services
- Unpacking Averages: CDRH Recognition of Consensus Standards Appears to Overlook Software
- Podcast: Advancements of Artificial Intelligence in Health Care – One Year After White House Executive Order – Diagnosing Health Care