November 29, 2021

Volume XI, Number 333

Advertisement
Advertisement

New State Privacy Laws Impose Higher Restrictions on Processing Sensitive Personal Data

With the passage of the Colorado Privacy Act, Colorado joins Virginia and California as early adopters of state-level privacy legislation. These laws impose higher restrictions on companies processing specific sensitive categories of data that reveal information such as sexual orientation and ethnic origin. However, the law remains unclear on what constitutes “revealing” information. For example, do the data need to be explicit or is implicit information protected as well?

Grindr, for instance, infamously leaked the identity of a Catholic priest using its platform earlier this year [view related post]. The magazine that outed the individual had purchased “commercially available” location data from the app. So, does the fact that the user data leaked from an LGBTQ dating app count as “revealing” his sexual orientation? The U.S. Conference of Catholic Bishops seemed to think so – the priest resigned amid allegations of “possible improper behavior.”

Privacy law in the United States is developing quickly;  companies collecting, maintaining, and using personal data must comply with a confounding meshwork of state, federal, and industry standards. As a result, companies collecting, maintaining, and using potentially sensitive data (as that term is defined in several state statutes), particularly companies serving marginalized communities, may wish to consider watching this space especially carefully. The difference between classifying a user table as high or low risk could be thousands of dollars in fines and do incalculable damage to people’s lives.

*This post was co-authored by C. Blair Robinson, legal intern at Robinson+Cole. Blair is not yet admitted to practice law.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 322
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Our lawyers are knowledgeable about data collection technology, including the use of cookies. We also understand the value of collecting and using data for marketing and other strategic purposes.

We are well versed in data breach response, remediation, coordination, and litigation, including investigations by the U.S. Office of Civil Rights and state AGs.

We actively attend and speak at FTC, state AG, and industry-sponsored workshops and programs on data privacy and security developments, cases, trends, and agendas. We...

401.709.3353
Advertisement
Advertisement
Advertisement