Corporate Compliance Insights

Q&A: Is the U.S. Primed for 50 Individual Data Privacy Bills or Will Government Act?

With every new state-sponsored privacy bill, compliance challenges multiply

by Bill Millar
April 27, 2022
in Data Privacy

On March 24, Utah joined the ranks of California, Colorado and Virginia, becoming the fourth U.S. state to enact a consumer data privacy law. But it will not be the last, says Alexis Kateifides, senior counsel at OneTrust’s Centers of Excellence, in this interview with CCI.

Bill Millar, managing editor, Corporate Compliance Insights (CCI): What just happened in Utah?

Alexis Kateifides (AK): Several states were in the running to be the next to enact privacy bills. California, Colorado and Virginia were the first to do so, and now states like Maryland, Oklahoma, New York and others have bills active in their legislatures. My team has been keen to know who would be next, and as it turned out, Utah became the fourth state to do so with its Utah Consumer Privacy Act (UCPA).

CCI: What does this mean for those doing business in Utah?

AK: Those encountering data privacy laws for the first time will have some work to do. First you must determine if your business fits the profile [see info box]. Those that do are going to have to put some time into thinking about how they are using personal data. Where is data collected? How is it used? Why? They will need to go through their policies and processes and their contracts with vendors. They will also need to think about how they will fulfil consumer requests for information.

CCI: How should they get started?

AK: The first question you must ask yourself: have we seen this before? There have already been data privacy laws passed in California, Colorado and Virginia. So, there will be companies who are familiar with this sort of legislation.

If the company is already addressing programs from other states or maybe has experience with the GDPR, it will be less of a burden on teams needing to factor UCPA into their existing programs. That is, the Utah law includes a lot of similar treatment for things like:

  • Data subject rights
  • Transparency
  • Security obligations
  • Vendor management

Then it’s a matter of mapping — where are we operating and need to comply? Identify the similarities, but in particular, pay attention to the differences.

One way to approach this is to create some sort of baseline: This is how we manage consumer data. From there, you can adjust your program to reflect the nuance of each state.

Another idea to consider: maybe start with the GDPR, a global standard, and say that’s your baseline for everywhere you operate. Or you could consider ideas like privacy by design or the ISO/IEC 27001 or 27701 standards for information security and privacy management.

CCI: Who will enforce these rules?

AK: One of the issues that comes up with these rules is whether they provide for a private right of action — a citizen’s right to file a lawsuit. Of the three enacted in the U.S. so far, California’s CPRA is the only one to include such a right.

In this regard, Utah’s law is very similar to that of Virginia and Colorado in that it will be up to the state attorney general as to whether to initiate proceedings. However, there are several layers to that process. For example, a company might be issued a notice from the AG and given a 30-day period to cure the violation. Then, informing the AG of the correction, that could be the end of the action.

CCI: What are the risks of getting this wrong?

AK: You need to be concerned about the regulatory risk, which can range from fines to cessation of business. But in the end, it’s becoming much more of an issue of reputation. Of trust.

And so, a lot of our clients are having a look at how to migrate from treating this as an issue of compliance to building out a program of trust. They want to build programs that focus on transparency with not just customers but employees, partners, suppliers, the community, investors and other stakeholders.

CCI: Who will be next?

AK: A number of state legislatures are reviewing privacy bills. Others may soon follow. In any case, all of this is very similar — reminiscent — of what happened in the early 2000s with breach notification laws. In the absence of a federal breach notification law, states began issuing their own rules, with California being the first. Today all 50 states have some form of breach notification law.

Now it appears the same thing is happening with data privacy regulation. California was again the first, and now we are again seeing this gradual domino effect of other states passing similar laws of their own. So far that’s only four, but momentum is building.

So, one of the questions we’re asking: will this become a similar situation where we’ll wind up with 50 different sets of data privacy rules? Or will this shape discussions leading to a federal privacy law? It’s hard to say either way.

CCI: What are the chances there will be a federal law?

AK: That is very hard to say. Certainly, there would be benefits to harmonization from a company’s perspective. They would not have to learn to comply with 50 separate sets of rules.

There is also a benefit to consumers in that they will be treated consistently wherever they do business. A federal consumer data privacy law could provide consumers with greater awareness of how to control their data and their privacy.

The other piece is how this could be helpful in the context of international data transfers. Right now, there are concerns in the EU, U.S., U.K. in this area. Developing a federal privacy law, setting a standard, would simplify matters.

This interview has been edited for length and clarity.



Bill Millar


Bill Millar is a longtime business writer, researcher, roundtable facilitator and speaker. He began his career as a Wall Street practitioner, working in treasury and trading at Euro Brokers, Drexel Burnham Lambert and E.F. Hutton before taking on a 12-year stint at The Economist Group. For the past 30-plus years, Bill has been writing about all manner of compliance and risk management, including deep dives into finance, treasury operations, core and emerging technologies, ethics and taxation. He has written more than 20 books including, "Financial Innovations," "101 Treasury Checklists" and "The One to One B2B."

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 


© 2025 Corporate Compliance Insights
