2023 Resolution: Review & Update Your Privacy Program
Five new state omnibus privacy laws take effect in 2023, with two that already kicked in on January 1.
-
The California Privacy Rights Act (CPRA) – effective January 1, 2023, enforceable July 1, 2023.
-
Virginia Consumer Data Protection Act (CDPA) – effective and enforceable January 1, 2023.
-
Colorado Privacy Act (CPA) – effective and enforceable July 1, 2023.
-
Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTPDA) – effective and enforceable July 1, 2023.
-
Utah Consumer Privacy Act (UCPA) – effective and enforceable December 31, 2023.
If you have not already reviewed and updated your privacy program, now is the time to take a look at a few key things:
-
Privacy Notice: Privacy notices need to be updated to incorporate new disclosures and the rights provided to consumers (and, for California: employees and B2B contacts) under the new state laws.
-
Marketing Programs: Under the new privacy laws, additional focus is being placed on targeted advertising, profiling, financial incentive programs, and dark patterns. What is a “dark pattern”? Check out this report – Bringing Dark Patterns to Light – published by Federal Trade Commission staff in 2022. If you have not previously taken the opportunity to consider these areas with your marketing team, now is the time.
-
Data Protection Assessments: Similar to European law, US laws now incorporate data protection assessment requirements for certain processing activities. Businesses need to document activities that impact personal data, record their findings, and develop appropriate controls and record-keeping processes to address new regulatory requirements.
-
Website Links and Opt-Outs: Depending on practices, new links may be required to permit website visitors to opt-out of selling, sharing, and targeting advertising. Additionally, if you have not previously considered “do not track,” now is also a good time to consider the Global Privacy Control option to permit users to opt-out.
If you didn’t know, now you know. Time to get your privacy program in shape for 2023. If you have questions about application of these laws to your business, check out our previous alert, “Are You Ready for 2023? New Privacy Laws to Take Effect Next Year.”
