The Legislation Season: Passing data privacy bills
It is legislation season. Legislators across the country are working away trying to change the nation for the better by introducing bills to eventually become laws and influence what people and companies can do.
Increasingly, legislators are focusing in on drafting privacy bills. Inspired by the General Data Protection Regulation and the California Consumer Privacy Act, legislators have been drafting away, putting their own spin on comprehensive data privacy laws. But drafting is only the first step.
Typically, a new bill is introduced and read in the legislative house that it is introduced. Then legislators decide to send it to one or more committee. The committees represent legislative specialists. They will have a particular focus in mind (such as technology) when reviewing the provisions of the bill. So they might think through whether it is possible to enforce the law with existing technology. Or whether the bill will encourage growth of technology industries in the state. After they thoroughly review the bill, they may propose some amendments to the bill, send it back to the originating house, which may send it to another committee or may put it to a vote (there can also be additional readings of the bill to remind all the legislators about what is in it.)
If and when a bill gets to a vote before one house and it passes the vote, it then moves on to the other legislative house and goes through the same process there. The only difference is that after the second house votes to approve the bill, if any amendments were made during the bill’s time in that house, the originating house needs to review and approve those amendments.
If it passes both houses successfully, including the originating house approving any amendments from the second house, then it goes to the governor for signature. If the governor signs, it becomes a law. If the governor vetoes the bill, the houses can still override the veto with overwhelming support from both houses. Typically, each house would need a vote with 2/3 support to overrule the governor’s veto. Throughout this whole process, there are many opportunities for the bill to fail. But passing both houses and getting the governor’s signature or overruling the governor’s veto makes the bill a law.
Most privacy legislation fails. Some states try year after year and fail year after year. There doesn’t seem to be any rhyme or reason to it. Every so often, privacy bills do become law. And it can happen really quickly. Take for example the Utah Consumer Privacy Act. It was introduced in the Utah Senate on February 17, 2022. It passed the Senate just 8 days later, on February 25, 2022. Then it was introduced in the Utah House on February 28, 2022 and passed there a mere 2 days later, on March 2, 2022. One day later, the Senate approved the House’s amendments. The bill was sent to the governor for signature and he signed on March 24, 2022. The bill will go into effect on December 31, 2023.
This means that businesses in Utah need to really quickly figure out how they will comply with the Utah Consumer Privacy Act (UCPA) and their solution needs to be functional by the end of next year. It can be difficult to be ready for UCPA or whatever law pops up next.
Thankfully, companies don’t need to start from scratch. Clarip has data privacy compliance products that companies can use to help comply with the GDPR, CCPA, VCDPA, CPA, LGPD, PIPL, and UCPA. Whether you need help with data mapping, data subject request fulfillment, website scanning, consent management, vendor management, or data risk intelligence scans, Clarip can help. Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more.
Mike Mango, VP of Sales