Practical Insights Direct From U.S. State Privacy Enforcers

If enacted, the proposed American Privacy Rights Act, unveiled April 7, 2024, could preempt existing comprehensive U.S. state privacy laws. The lengthy proposal is still a discussion draft, however, and has yet to be formally introduced in either chamber of Congress. In the meantime, the first wave of state-level privacy enforcers have not only blazed trails, but they have done it together, creating a replicable standard for consumer data protections being rolled out across the country. At last week’s International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington, D.C., regulators from California, Colorado, Connecticut and Oregon offered candid commentary on their enforcement priorities, investigation approaches, guidance, cooperation and compliance best practices. This article distills the practical aspects of the discussion, which was moderated by IAPP’s Cobun Zweifel-Keegan. See our two part series analyzing 2023’s new state privacy laws: “The First Six Plus Compliance Measures” (Jun. 28, 2023), and “Oregon and Delaware Join the Strictest Tier” (Jul. 12, 2023).

To read the full article

Continue reading your article with a CSLR subscription.