These days data privacy is an important topic to consumers and to business. California was the first state to address the issue of businesses gathering and selling consumer data.
Since then other states have joined the push.
Surprisingly, there still has been no rush by the federal government to insist on more protections. So the states are left to craft their own versions of data safety and policies on data gathering.
Two PIA Western Alliance states, Oregon and Montana have now joined the handful of states where data privacy has become a government concern.
Montana’s Consumer Data Privacy Act goes into effect on October 1, 2024. The act has a lower compliance threshold than most states doing this law. It targets companies processing personal information of 50,000 or more consumers, or processing the data of 25,000 or more customers, and that are getting 25% of gross revenue from the sale of that data.
The law gives businesses a very short window to comply, and a much shorter one than most other states. Companies have just 16 months between the passage of this law and its going into effect.
Montana is also putting a ban on TikTok and other social media companies.
The Oregon Legislature passed the Oregon Consumer Privacy Act during last year’s session. It was passed in July of 2023 and goes into effect in July of 2024.
While the law is very similar to the laws passed in Delaware and Colorado, the Oregon act differs in that it looks specifically at data for transgender and nonbinary individuals, and pays close attention to citizenship and immigration status.
They are put under the sensitive data umbrella.
Oregon’s law limits entry-level exemptions for organizations regulated by the Health Insurance Portability and Accountability Act — also known as HIPAA, or the Gramm-Leach-Bliley Act (GLBA).
It does, however, give some data- level exemptions for those organizations.
Source link: PropertyCasualty360.com — https://bit.ly/4aMNVXF