Constangy attorneys Carolyn Ho and Sarah Rugnetta authored an article published by The Legal Intelligencer highlighting the new state data privacy laws with July 1 effective dates in Texas, Oregon and Florida.
These latest state-level data privacy rules continue to impose new various requirements on businesses handling consumer data. For each, and as with previous state rollouts, businesses are advised to assess their applicability in order to promptly comply and avoid penalties.
The Texas Data Privacy and Security Act (TDPSA) applies to businesses in Texas or serving Texas residents, excluding small businesses. It mandates consumer consent for selling sensitive personal data and requires universal opt-out mechanisms by January 1, 2025.
Further west, the Oregon Consumer Privacy Act (OCPA) applies to businesses in Oregon or dealing with Oregon residents, with thresholds related to consumer data control or revenue. Nonprofits are generally not exempt unless they are specific types exempted by the law. The compliance deadline for nonprofits is July 1, 2025, and universal opt-out mechanism recognition is required by January 1, 2026.
The Florida Digital Bill of Rights applies to businesses in Florida or serving the state’s residents, with exclusions based on revenue thresholds and specific business activities like online advertising or app distribution. It is noted for its narrow scope compared to other comprehensive data privacy laws.
“With the increase in state-specific privacy laws, the complexity of compliance continues to increase,” Ho and Rugnetta said. “We encourage organizations to carefully consider whether they are covered by these laws, and if so to develop data privacy programs that are tailored to the laws and their industry.”
To view the full article, subscribers may click here.
Ho and Rugnetta also detailed these laws for the Constangy Cyber Advisor, which is available here.