Find an umbrella. . . . The recent deluge of state-level privacy legislation continues. Legislatures in three additional states—Indiana, Montana, and Tennessee—have adopted comprehensive privacy laws. The Indiana Consumer Data Protection Act (ICDPA) was signed into law on May 1, 2023, making Indiana the seventh state to adopt such a law, and legislatures in Montana and Tennessee have passed legislation that is expected to be signed into law by their respective governors soon. Only one month ago, Iowa became the sixth state to adopt a comprehensive privacy law, and, of course, California, Colorado, Connecticut, Utah, and Virginia each have laws that either are already in effect or that will go into effect later his year. Meanwhile, on April 27, 2023, the governor of Washington signed into law the My Health My Data Act, a significant development that will impact many businesses that collect or process consumer health data (expect an update on this topic here soon).
Continue Reading When It Rains, It Pours (State Privacy Laws)