A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Indiana, Tennessee, Montana and Texas Pass Comprehensive Consumer Privacy Laws Breadcrumb Home Insights Blog Indiana, Tennessee, Montana and Texas Pass Comprehensive Consumer Privacy Laws June 5, 2023 The momentum for state-level privacy legislation continues to run strong as Indiana, Tennessee, Montana and Texas have all passed comprehensive privacy laws in April and May. With these latest additions, a total of ten states have now passed laws specifically designed to protect their citizens’ personal and sensitive data. While these four new laws carry many similarities to existing state laws, some originality is baked into each: Indiana The Indiana Consumer Data Protection Act will go into effect in January 2026 and closely follows the requirements set forth in the Colorado, Connecticut and Virginia state laws. Covered businesses will have plenty of time to prepare. This is because the law does not go into effect for another 2.5 years. And since this law shares so many similarities with other state laws already in place, compliance shouldn’t provide many additional challenges for those already compliant. One unique caveat does exist: entities licensed as riverboat casinos using facial recognition technology are exempt from the law as long as their program is approved by the Indiana gaming commission. There is a 30-day cure period to address violations before penalties are assessed. Unlike earlier versions of the bill, the signed version does not include a sunset to the right to cure period. Tennessee The Tennessee Information Protection Act goes into effect in July 2024 and also has similar characteristics to existing state laws. However, Tennessee’s law has one of the most interesting provisions in that it requires adherence to the NIST Privacy Framework. The intent is that this framework will be applicable to many different types of businesses and industries. And as these standards change over time, the NIST Framework is the best assurance for data practices and organizations to stay up to date with compliance. This stipulation may also encourage companies to place a higher priority on further maturing their privacy and data governance programs to align with the framework. Montana The Montana Consumer Data Protection Act was signed into law on May 19 and will go into effect in October 2024. A key inclusion in this bill is a universal opt-out mechanism (UOOM) that allows consumers to click a single button to no longer be tracked across all websites they visit. In practice, a consumer sets an “opt-out” preference in their browser, and each website is then sent a signal to opt them out of targeted advertising and sharing of their personal data. The Montana law also offers enhanced privacy requirements for children aged 13–15 by requiring an opt-in default for the sale of their personal information. Texas The Texas Senate passed the Texas Data Privacy and Security Act, which will take effect in March 2024 if signed by the governor. This act was modeled after Virginia’s state law, but it differs in its definition of personal data to include pseudonymous data when used in conjunction with additional information that reasonably links the data to an identifiable individual. It also removes the revenue threshold and requires small businesses to receive consent before selling consumers’ sensitive data. The bill adds that the classification of entities that qualify as a small business be defined by the United States Small Business Administration. The Texas law designates that the Texas Department of Information Resources must oversee implementation. Consumer Rights and Business Requirements offered by all four state laws: Rights Available to Consumers Business Practices Required Right to Access Opt-In by default for sale of data (based on age) Right to Correct Privacy Notice must be available Right to Delete Risk assessments must be conducted Right to Opt-Out of Processing Rights request discrimination is prohibited Right to Portability Data processing limited to specific purposes Right to Opt-Out of Sale Right to Opt-In for Sensitive Data Processing Right prohibiting automated decision making Conclusion This recent burst of legislation serves to highlight two trends. First, in the absence of an all-encompassing federal law, state legislatures have continued to build their own bills from the “menu” of features offered by existing state laws across the country. Second, state governments are responding to data privacy concerns at an accelerating rate – while most recent years saw only one or two pieces of privacy legislation, 2023 has seen five consumer privacy laws passed in just five months. If you have questions about compliance with state privacy laws and how they affect your organization, click here to learn more about our offerings, or drop us a line. By: TJ Carsten SENIOR CONSULTANT - DATA GOVERNANCE, PRIVACY AND PROTECTION | OPTIV TJ Carsten has over 16 years’ experience in both consulting and corporate enterprise data management. He has experience working with medium sized businesses as well as Fortune 500 corporations to build and enhance their data privacy and governance programs. Share: data privacy Data privacy legislation consumer data protection Privacy Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.