North Dakota Considers Study on Privacy Practices of Data Brokers
A North Dakota bill to study data broker privacy issues ahead of the 2021 legislative session is moving through the North Dakota Legislative Assembly. ND 1524 has been approved by the ND House Industry, Business and Labor Committee.
North Dakota is one of a number of states considering new privacy laws. Others on the list that we are following and have written about recently are Massachusetts, Washington and New Mexico.
North Dakota HB 1524 was initially a bill to regulate data brokers, modeled after the Vermont data broker law. It was to require that data brokers operating in ND register with the secretary of state. The data broker would also have needed to inform the state of its opt out procedures and maintain a comprehensive information security program. After a hearing last week discussing the regulation of privacy, the bill was amended to perform a study.
The study will evaluate the “nature and sources of the consumer the data brokers collect, how data brokers use, maintain, and disseminate the information, and the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.” It will also determine whether adequate safety measures exist to prevent fraud and protect the identifying information of consumers.
The Vermont was the first state to target data brokers with its privacy law passed last year. The law went into effect on January 1, 2019.
HB 1485 was the other data privacy bill under consideration – which is in all likelihood on the back burner until after the study results are published. It was introduced by a group of seven Representatives and five Senators. Initially inspired by the California Consumer Privacy Act, it was later amended to more closely mimic the protections that are being considered in Washington State.
The initial proposal required express written opt-in consent for the disclosure of any part of a record that contains an individual’s personal information. In order to obtain it, the organization would need to mail or email a one-to-two page summary describing, among other things, how, when, where and to whom the entity buys, receives, sells and shares an individual’s personal information. The law would have been enforced by the ND Attorney General and also allowed individual’s a private right of action to recover damages and reasonable attorney’s fees. A version of the Washington state bill is not yet available online.
North Dakota is one of the states with biennial sessions. The legislature is in session every other year. If it does not pass a privacy law this year, it will need to wait until the 2021 session.
Other Relevant Posts:
Maine Considering LD 946 to Protect Privacy of ISP Customers
Illinois House Passes Data Transparency and Privacy Act; Senate Passes KIDS Act
Texas Considers Consumer Privacy Act and Privacy Protection Act
Update: Special Session of Appropriations Committee Saves Washington Privacy Act for Another Week
No Washington Privacy Act This Year?
Washington Privacy Act – Initial Look at the Current House Version
Summary of Connecticut SB 1108 on Data Privacy
Summary of Public Hearings on Maryland Online Consumer Protection Act
Summary of Washington Privacy Act After State Senate Passes
Florida Legislature Considers Biometric Information Privacy Act
Maryland Considering SB613 / HB0901 – Online Consumer Protection Act
With SD341, Massachusetts Joins States Considering CCPA-like Data Privacy Laws
Public Hearing on Washington Privacy Act (SSB 5376) in Senate Ways & Means – More Work to Be Done?
State CCPA Privacy Bills in Rhode Island, Hawaii and New Jersey
Ready for the new California privacy law coming on January 1, 2020? Learn more about CCPA compliance and contact us to see a demo of the Clarip privacy management platform used by Fortune 500 clients.