There have been some major developments with regard to privacy laws beginning largely in 2018, with the implementation of the General Data Protection Regulation (“GDPR”), which became enforceable in May 2018, and which gave consumers in Europe certain rights as to their personal information and how business handle and transfer their data.

In the wake of the GDPR, many states have begun implementing their own privacy statutes, since there is no federal law on this particular subject. To date, the broadest of such laws is the California Consumer Privacy Act (the “CCPA”), which is about to go into effect on January 1, 2020, followed closely by New York’s Stop Hacks and Improve Electronic Data Security Act (the “SHIELD” Act”) which goes into effect on March 21, 2020, and which may prove to be even broader, in some ways than the CCPA.

In order to comply with these new laws, companies are revising and updating their online privacy policies. In addition to these policies, however, business need to implement and update their own procedures data privacy procedures.

Here are some key areas to focus on in preparation for compliance with the privacy laws:

1. Designate a privacy director

2. Encrypt and redact data to the extent possible

3. Outline an incident response plan

.

4. Determine and upgrade capability to comply with privacy laws

5. Update contract clauses to ensure that vendors comply.

6. Consider obtaining cyber liability insurance

7. Take a data inventory

For more information about this article or other issues, please contact us, The Bachman Law Firm PLLC at judith@thebachmanlawfirm.com or 845-639-3210.