The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2022”.

For those following data privacy and consumer data protection trends, it should come as no surprise that enacting comprehensive legislation to regulate companies’ use of personal data has continued to be a focal point both internationally and in the U.S., at the federal, state and local levels.

In the last three years, over 10 federal proposals and over 40 state proposals for comprehensive privacy legislation were introduced across the U.S., and we expect this trend to continue well into 2022, given the growing bipartisan support for legislation to protect consumer interests and mitigate against the risks associated with the digital economy. The ever-changing landscape and patchwork of compliance obligations globally will only continue to grow more complex and costly, and may lead to increased regulatory scrutiny and potential enforcement actions despite best compliance efforts.  In the U.S., without comprehensive federal data privacy legislation, businesses remain subject to numerous state laws with ambiguous and sometimes conflicting legal obligations. Trans-Atlantic and other international data flows will only continue to become increasingly difficult and costly to navigate in light of recent developments, including in China, the UK  and the European Union.

To read the full post, please click here.

For a PDF of the full memorandum, please click here.