Privacy Roundup: Utah, Colorado, and the State of Privacy in the US

April 1, 2022 - Randy Ransom

Digital privacy is an ever-changing topic, with rules, regulations, and technology in constant flux-- it can be a lot to keep up with. Our monthly Privacy Roundup combines the most important privacy stories of the past month with expert analysis and Ensighten solutions, so you can keep your website compliant.  

It feels like yesterday that major privacy regulations like CCPA and GDPR were passed - probably because we lost a few years trapped in our homes, but another major factor was just how slowly the regulatory bodies have been to act upon their newly ratified power. In real-time, it’s been four years since CCPA and six since GDPR. To be fair, each came with a grace period baked in so some of that time is a bit wibbly-wobbly, but you would think after years there would be more shouting and pitchforks for user privacy.

State Lawmakers Take the Lead in Data Privacy

In the USA, there's been a lot of legislative foot-dragging around privacy, but it seems that times are finally changing. As of 2022, the majority of states have some kind of privacy law on the legislative docket, and we're starting to see state-level privacy regulations get signed into effect. Pretty soon it won’t be just the Californians who have more rights to their data.

Colorado Privacy Act to Come into Effect in '23

In mid-2021, Colorado passed the CPA (Colorado Privacy Act), and it’s set to start making itself a problem for companies and a friend to users one year from now in mid-2023. Similar to CCPA, it sets up rights for digital users and applies to any organization doing business in Colorado or supplying some form of product or service to Colorado residents. You’ll find similar rights granted such as the right to access your personal data, have your data deleted, or have it not sold for certain purposes.

Utah Passes Consumer Privacy Act

In more recent news, we saw Utah become the fourth state (after Virginia) to sign a comprehensive privacy act into law. The Utah Consumer Privacy Act (UCPA) received its final signatures on March 24th, 2022, and goes into effect on December 31st, 2023. Boasting a similar line of protections to the front-runner CCPA, Utah residents will have the right to be better informed and have more control over their personal information as it pertains to use without their consent or knowledge.

CPRA to Supercede CCPA

Since the passage of the CCPA in 2018, California has had the strictest set of privacy laws in the United States and starting in 2023, they're getting even stricter. The California Privacy Rights Act (CPRA)  makes significant expansions upon the California Consumer Privacy Act (CCPA) of 2018 with new consumer rights (the right to rectification and the right to limit the use and disclosure of sensitive personal information), increased enforcement via a new enforcement agency, and the additional requirement of a 'Do Not Share' button. 

In 2021 many states began similar processes and are in the legislative or committee steps to produce their own Privacy rulings. It’s safe to say that the 2020s will be a decade of change in consumer privacy. To help you keep up with this, we've put together the State Privacy Law Tracker, where you can easily track and compare data privacy bills across the US. 

Biden Administration Prioritizes Privacy

When it comes to consumer privacy, the federal government has lagged behind other nations, and even individual states, significantly, but there are signs that this inaction is coming to an end. 

In March, President Biden nominated a new member, Travis LeBlanc, to the Privacy and Civil Liberties Oversight Board as an arbitrator. That means more eyes on how companies are complying with the transfer of user data overseas and signals an increased interest in user data privacy as a whole

At the same time, we see major government agencies like the Department of Health and Human Services stepping up enforcement of existing data privacy laws to make sure medical data like Health Insurance and Records are stored and transferred with safety and security in mind. Medical records count themselves among the most sensitive alongside financial data when we’re thinking about a user’s private information. It’s an important point of oversight that we ensure this data is held tightly as its loss not only represents data privacy violations but also long-standing HIPAA laws.

Staying Ahead of Privacy Policy

In the industry, it’s our job to stay ahead of these issues and provide solutions that keep the end-users within their rights and the businesses within compliance. Each time one of these regulations is released we see a flurry of companies panic and set about finding the fastest and cheapest solution around to make sure they’re checking the box before they get fined thousands (if not millions) of dollars. Then, a few years later, they realize they should have been more proactive in bringing themselves into compliance when they discover that the product they bought either wasn’t as compliant as it claimed or the tools and features it offered were all glitter and no gold.

The US is adding more focus to digital privacy and consent as the years go by and it's easily predictable that this is not a problem that will just go away. As technology improves it becomes easier for a user to remain anonymous if they want to, and the laws are moving to support their rights to do so. Is your company prepared for upcoming legislative changes both at home and worldwide? Should you be considering more than just who or where your user is? Where is your data stored? Where does it travel as a user half-way around the world submits their contact information? Thankfully, we're on top of things and looking toward the future. The Marsec features of Ensighten Privacy are well prepared to deploy the forms and features necessary to account for all manner of consent requirements, from the UCPA to the GDPR. Our engineers and legal professionals are ensuring that we and our clients are ready for new requirements worldwide. Are you and your company prepared for the same?

Comprehensive Compliance with Ensighten

State privacy laws like the UCPA are pressing new responsibilities—and penalties—on businesses and marketers. Ensighten offers organizations a solution to help build a fully compliant website and simplify compliance with the UCPA, CCPA, CPA. CDPA, GDPR, and any future privacy laws.

With Ensighten Consent Management Plus (CMP+), you can set up geo-targeted opt-out of sale links for consumers and give your customers a clear-cut choice on how their data is used, or whether it is collected. A simple line of JavaScript added to your website is all you need to stop data from being collected before your customers give their consent, allowing real-time enforcement of customer consent regardless of tag management systems or 3rd party tags.

Request a demo to see how Ensighten can help your organization meet its compliance and client-side security needs.

Already an Ensighten Privacy user and looking to enable the USA-related features like CCPA? Check out our Help Center.

Randy Ransom

Randy Ransom

Randy is a Principal Consultant at Ensighten with over a decade's experience and expertise in the digital privacy landscape.

Learn more about Ensighten and our solution

Online skimming blog

Learn why third-party components on your website could be leaving you vulnerable to online skimming attacks

Read Now

Web skimming webinar

Learn more about how online skimming attacks happen and how you can protect against them

Watch Now

Online demo

See the Ensighten solution in action to learn how we can help protect your website against online skimming

Book Now