The European Union’s General Data Protection Regulation and the California Consumer Privacy Act of 2018 generated a tremendous level of interest in data privacy and data security among individuals, lawmakers, and businesses. As a result, there has been a remarkable uptick in the amount of state legislation introduced in the past several years, and the momentum continues to build. 2021 saw a steady stream of enforcement actions and class actions focused on data privacy and security. Nine states have now enacted comprehensive data privacy laws and more have regulations covering data security.

On top of this, the Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge. The Rule applies to many businesses beyond the scope of what are commonly understood to be “financial institutions” and has implications for service providers to covered entities.

In the absence of a federal data privacy act with preemption, businesses need to agilely adapt to the patchwork of federal and state laws and regulations. Our Data Privacy and Security team of attorneys is available to provide guidance on the Safeguards Rule and other federal and state data privacy and security laws and can assist you in integrating these laws into your compliance programs and operations. For more information, contact:

• Donald Maurice
• Eric Rosenkoetter
• Brent Yarborough

For further information on federal and state data privacy and security laws, visit our resources for Data Privacy and Security.