This post was written by Anna Truckley.
Nowadays, much of our lives are lived online as we spend most days operating through screens. With that comes companies on the other side collecting and gathering our personal data. The more personal data companies store, the greater the risk of exposure in the event of a breach or hack – which begs the question, is our data being protected?
Surprisingly, there is no universal, comprehensive U.S. federal data privacy law in effect. As such, each state has been responsible for establishing its own laws regarding how personal data of consumers is protected.[1] Currently, there are 15 states that have comprehensive data privacy laws in place today. As a general statement, these laws apply across industries and grant rights to individuals related to the collection, use, and disclosure of their personal data by businesses. Several other states have proposed privacy bills pending in their respective legislatures – one of which is Pennsylvania.
House Bill 1201 is an act providing for consumer data privacy – the first of its kind in Pennsylvania. This Bill was first introduced in the House of Representatives in 2023 but has just recently passed and moved to the Senate for consideration. Although a final version has not yet been signed into law, drafts suggest the Bill would regulate the collection and use of consumers’ data by providing consumers with certain rights and requiring businesses to protect and limit collection of personal data. The Bill also provides enforcement authority through the Attorney General and allows the imposition of penalties for violators. It is important to note that if passed, this Bill would become effective within 6 months of enactment.
Given the patchwork approach to privacy legislation and the lack of continuity across the U.S., compliance and liability risks for companies that have multistate operations is inherent. It is best to consult with the attorneys at Metz Lewis to better understand your obligations and responsibilities.
[1] A previous blog post by my colleague, Jessica Mozingo, discusses the status of data privacy laws throughout the U.S. The entire blog post can be found here – It’s Not All GDPR – U.S. Data Privacy Update.
