Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
April 10, 2023
Well, privacy fans and basketball geeks, it's that time of year when the NCAA tournaments are over – my bracket busted early! Never fear: it's time to choose our favorites and see who will come out the winners in Privacy Bracketology with a review of the consumer privacy legislation making its way through the 2023 U.S. state legislature sessions.
The dark horse in this race was Iowa - they hopped the field, passing a new consumer data privacy law already, which will go into effect in 2025. Let's break down the rest of the field below.
In the West, Washington returns to the field for the fifth year in a row (we’ll call it our fifth-year senior). A veteran contender, the People’s Privacy Act (HB1616/SB5643) is a comprehensive consumer privacy bill with biometrics-specific provisions that would apply to both the public and privacy sectors. We'll see whether this version has the support to push through.
Oregon is a freshman contender with the new comprehensive consumer privacy bill drafted in a collaborative effort between the Oregon attorney general and a working group last fall. Oregon is also debating the Oregon Age-Appropriate Design Code, modeled after California’s recent Act.
Hawaii enters 2023 with SB 974’s Consumer Data Protection Act and SB1110/HB1497 Consumer Data Protection Act moving in parallel paths through the legislature. Both are comprehensive consumer protection versions, with the latter including the provision for private right of action.
Freshman contender Montana has matured the most this season, already progressing to cross-committee review. The Consumer Data Privacy Act (SB384) is an otherwise comprehensive approach to consumer protection which does not include private right of action.
Indiana is another familiar face, where Senate Bill 5 has been reintroduced after a decent showing in the 2022 legislative session. The Indiana bill is closely aligned to the Virginia Consumer Data Privacy Act (VCDPA).
Minnesota’s lawmakers are reviewing multiple bills for biometrics as well as consumer privacy. These bills are young but are expected to go far.
Illinois rebounds with a new player in the field. While other states are seeing Illinois as a model for their own Biometric Information Privacy laws, the shot clock is now running on the Illinois Data Privacy and Protection Act (HB3385). Meanwhile the Right to Know Act (HB1381) runs alongside, focused on the right to access and disclosure of personal information.
Oklahoma’s Computer Data Privacy Act (OCDPA) has a new coach sponsor and remains focused on consumer consent (opt-in) for all personal data collection.
Looking south over the state border, Texas is treating HB4 (formerly HB1844 - Texas Data Privacy and Security Act) as a priority bill. Structured similarly to VCDPA, it is riding momentum after clearing the House Business & Industry Committee with an 8-0 vote.
Kentucky and Tennessee are another pair of neighbors who return together after brief 2022 campaigns. The Kentucky Consumer Data Protection Act (SB15) and Tennessee Information Protection Act (SB73) are aligned to existing protections reflected in other states’ laws.
Another freshman, Maryland’s Online and Biometric Data Privacy Act (SB698/HB807), is a comprehensive consumer privacy bill with biometrics-specific provisions. Maryland is also considering the Biometric Data Privacy Act (HB33/SB169).
New Jersey carries a heavy bench into 2023 led by the comprehensive New Jersey Disclosure Accountability Transparency Act (SB3714/A505). Forget the details of the act: this is my winner for best acronym…do you see it? Notably, this act would establish the Office of Data Protection and Responsible Use in the NJ Division of Consumer Affairs, require affirmative consent, establish consumer rights, and regulate automated decision-making processing. The rest of the field is comprised of proposals targeting ISPs, social media and children, mobile applications and devices, and auto dealers.
Rounding out the region, Florida’s narrowly focused Technology Transparency bill (SB262) would make it illegal for government entities to make certain requests of social media platforms or establish working relationships with social media platforms under certain circumstances, require data controllers obtain affirmative consent for certain data collections, and require reasonable security measures to protect information.
Vermont’s HB121, similar to Washington’s, is a revised and seasoned comprehensive consumer privacy bill with biometrics-specific provisions.
New Hampshire’s SB255 is another freshman contender that would give consumers the right to know when their data is being collected or stored. Consumers would also have the rights to access, correction, deletion, and to opting out of sale for advertising purposes.
Massachusetts returns with the Data Privacy Protection Act (HD2281/SD745), Information Privacy and Security Act (HD3263/SD1971), and Internet Bill of Rights (HD3245) - each seeking to offer consumers control over their personal data.
The 2023 session sees Rhode Island’s slate presenting similarly to Hawaii, with Senate Bill 754, the Rhode Island Data Transparency and Privacy Protection Act, alongside House Bill 5745, the Rhode Island Personal Data and Online Privacy Protection Act. Both are similarly comprehensive consumer protection proposals, with the House version including private right of action.
New York’s roster is also crowded with several potential contenders:
Perhaps the American Data Privacy and Protection Act will bust this bracket at the national level? While we wait, we can do more than sit back and watch. As privacy legislation continues to be debated, there are several steps companies can take to position themselves well for the future:
Stay tuned to see how this legislative session plays out. From my perspective as a privacy geek, when privacy is at the forefront of the discussion, everyone wins. Good luck to the lawmakers who face these decisions, and to the residents of these states where their representatives are working to protect their personal information.
If you have questions about this draft legislation and how it might affect your organization, click here to learn more about our offerings, or drop us a line.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
January 13, 2023
Read up on building trust around personal data usage by providing individuals more transparency, choice and control.
July 01, 2022
This post discusses ADPAA, a federal law focused on consumer privacy rights that's progressed to a bipartisan draft with traction in Congress.
January 25, 2023
This LinkedIn Live panel features expert insights on data privacy – and how to ensure your organization is respectful of it.
Let us know what you need, and we will have an Optiv professional contact you shortly.