Corporate Compliance Insights

Wave of State Data Protection Laws Is a Gathering Compliance Nightmare

Doing business in multiple states? You’d better have someone in charge of data privacy & security

by Scott Allendevaux
September 26, 2023
in Data Privacy, Opinion

In the absence of a single national data privacy law, companies continue to face a multi-state balancing act. Data privacy practitioner Scott Allendevaux sets the scene.

A patchwork of advancing data privacy bills across the nation is creating a figurative field of landmines waiting to explode. Indeed, consumer data privacy bills are flying through legislatures in red and blue states alike. The bills are as diverse as the states passing them, leaving multistate companies to deal with a patchwork of rapidly changing rules. 

In the absence of a national standard for data protection, states are stepping up to assure consumers have protections in place. It’s becoming a logistical nightmare for companies, particularly cloud service providers and companies that reach out directly to consumers. 

Without a strong data-protection program, any piece of data carrying personal information could inadvertently cause a company to run afoul of a state law. Information has no boundaries. It zips across state lines, oblivious to the different laws and regulations that govern states. That’s where the challenge lies.

It’s understandable that states want to protect consumers’ personal information. Most companies have experienced more than one data breach. That’s especially true for cloud-based companies. 

Early privacy laws focused on managing data breaches and user security issues such as password protection. For a long time, California was the only state with a law protecting consumers’ rights to manage their own data. Things are changing fast. Several states have now passed comprehensive privacy laws. More are coming. Upwards of 100 privacy-protection bills have been introduced in state legislatures.

For companies, that means navigating an ever-changing regulatory landscape with different definitions and different levels of rigor.

In some states, residents can opt out of certain data-processing activities or correct their own data. Other states have different privacy laws for large companies than for smaller ones. Different states also require companies to disclose privacy information at different stages of data collection. 

There’s no shame in being confused. Consumer privacy bills vary so much from state to state that even the definition of a consumer isn’t consistent. That’s a difficult thing for a software engineer to address, and it’s changing rapidly as more states adopt new laws. 

Compliance is no longer about checking boxes. It’s about implementing a robust set of data-protection measures that respect people’s rights to their own data, and it’s about companies being transparent and accountable in the digital world. 

A company has to determine which data protection laws it has to comply with, and what those laws say. Multinational companies are already doing this with countries that have comprehensive data protection laws, such as the UK GDPR. Some 137 nations have privacy laws, and the laws are as diverse as the countries that enacted them. 

So how does a company keep up? 

Every multistate company needs a security officer and privacy officer — or someone else charged with keeping track of the laws and making sure they’re being followed. That means constantly updating the company’s privacy policy and keeping residents of individual states apprised of their rights under state law. There should also be a contact name, email and phone number on the website — and the contact should be checking for messages every day.

It’s a complex world for companies to navigate, and it underscores the need for a unified approach. But it’s not clear when that will happen. The U.S. badly needs a unified data-protection law like the EU’s. The EU, in 1995, had a similar set of challenges. Leaders recognized the importance of ensuring a consistent level of protection. They saw that making the transference of information less complicated would propel the economy. In the U.S., the complexities of different data-protection walls act as a hindrance to growth.

It’s not just about simplifying compliance for business; it’s about ensuring Americans’ fundamental right to have their data protected. It’s essential that state and federal legislators, as well as federal agencies like the Federal Trade Commission, work together to make sure that happens. In the meantime, it’s up to companies to stay on top of the changing landscape.

It takes nine to 12 months to build a data-protection program. But it’s essential for a company that reaches across state lines. That’s the first thing a federal regulator or attorney general will look at in the event of a data breach. If there’s no program in place, all bets are off. 


Tags: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Data Governance, GDPR
Scott Allendevaux, LP, CISSP, CIPP/US, HCISPP, CIPT, CIPM is senior practice lead at Allendevaux & Co., an Ohio-based cybersecurity agency.


Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 


© 2025 Corporate Compliance Insights
