POST COVID: The Regulatory Dominoes Have Begun Falling Again
March 11, 2021
The Virginia Consumer Data Protection Act was signed into law on 2 March 2021, making the state second, behind California (California Consumer Privacy Act), in creating a new-GDPR-like privacy law.
A similar law is currently pending in the state of Washington (Washington Privacy Act).
It has long been anticipated that the trend – paused by COVID – toward state-level privacy protections will continue.
“As we put COVID in the rearview mirror, more and more states will adopt this new approach to privacy,” said i-SIGMA CEO Bob Johnson. “On the whole, for i-SIGMA members prepared to respond, this could lead to significant growth.”
Johnson believes it could also lead to a national privacy law.
“The creation of a national data protection and breach notification law in the U.S. has struggled over the past two decades,” says Johnson. “The momentum behind the current trend may finally be enough to make it happen.”
It is worth noting that this trend directly led to new Data Subject Response Policy requirements in NAID AAA and PRISM Privacy+ Certifications. Johnson believes further adjustments are likely, as i-SIGMA fulfills its responsibility to ensure service provider compliance.