However, the bills do diverge in a few notable ways, including: The two bills share many similarities, including similar provisions as to, for example, consumer data rights, privacy notices, data protection assessments, and exemptions. We are happy to answer any questions you have about these two bills and their implications for your company’s privacy compliance program. We also provide a general summary of each bill’s key provisions. In this post, we summarize key takeaways from the pending enactment of the Montana and Tennessee bills, in particular highlighting notable distinctions between the two pieces of legislation. In addition, the Montana bill will require businesses to recognize opt-out preference signals by January 2025. For example, the Tennessee bill requires that businesses implement a privacy program compliant with the National Institute of Standards and Technology (NIST) privacy framework (and provides a corresponding safe harbor for companies that adhere to this requirement). That said, the two bills do contain a few provisions that businesses should pay close attention to. In addition, neither bill includes provisions allowing for AG rulemaking or the creation of a separate privacy enforcement entity (a la the California Privacy Protection Agency). Neither bill contains a private right of action (both laws can only be enforced by each state’s attorney general’s (AG) office), and both bills contain a 60-day cure period for violators. Overall, the Montana and Tennessee bills continue a trend - also on display in the recent Iowa and Indiana bills - of state comprehensive privacy laws that generally follow the models set forth by Virginia and Connecticut, particularly in terms of having limited enforcement mechanisms. Washington state also passed a privacy law that, while technically only applicable to “health” information, has definitions broad enough to apply to other categories of data, as well (that are not traditionally thought of as health data). In addition to Montana and Tennessee, Iowa and Indiana have passed their own comprehensive privacy laws this year. The imminent passage of these bills continues what has been a notably busy year for legislation. If enacted, the Montana and Tennessee bills would become the nation’s eighth and ninth state comprehensive privacy laws (joining California, Colorado, Virginia, Utah, Connecticut, Iowa, and Indiana). Both bills will now move to their respective governors’ desks for signature. Meanwhile, the Tennessee state senate passed the Tennessee Information Protection Act ( HB 1181) in a similarly unanimous 29-0 vote. In Montana, the state senate passed an amended version of the Montana Consumer Data Privacy Act ( SB 384) in a unanimous 50-0 vote. On Friday, April 21, the Montana and Tennessee state legislatures approved comprehensive privacy law proposals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |