With the focus trained on national legislation to safeguard data and privacy, legislative activity at the state level often gets overlooked, though it has flourished in recent years. Many states either passed, rejected or have pending bills primarily focused on compelling businesses to inform customers about how their data is used. Here is a quick rundown of the major wins and losses from across the United States – at the very least these bills give organizations a peek at what’s on lawmakers’ minds.  

ARIZONA – saw three bills fail in 2019.  
• Failed: AZ HB 2259 would have required a commercial website that collects personal information from more than 500 users to establish a secure personal information portal that allows a person to access their own information and correct any errors.
• Failed: AZ HB 2478 relates to biological characteristics and biometric identifiers. It would have provided that a person may not enroll an individual’s biometric identifier in a database for a commercial purpose unless the person provides a mechanism to prevent the subsequent use of the identifier for a commercial purpose without consent.
• Failed: AZ HB 2524 would have required a website developer or software application that uses the microphone or camera functionality of a device to collect audio or image data to disclose the data that is being collected and the reason it is being collected to the user. 

CALIFORNIA – Home to the well-known California Consumer Protection Act which went into effect January 1 considered several other proposals.  
• Pending: HB 2259, if passed, would have required a commercial website that collects personal information from more than 500 users to establish a secure personal information portal that allows a person to access their own information and correct any errors.
• Passed: CA AB 1202 requires data brokers to register with and provide certain information to the attorney general. Defines a data broker as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions.
• Pending: CA AB 950, if passed, would require a business that conducts business in California, and collects a California resident’s consumer data, to disclose to the consumer the monetary value to the business of their consumer data by posting the average monetary value to the business of a consumer’s data. 

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.