The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

Continuing global trends to protect consumer privacy and rein in the exploitation of personal data by organizations, 2023 saw an explosion of comprehensive privacy laws, amendments to existing laws and a proliferation of targeted regulations around the world. 

In the U.S., given the federal government’s continued inability to enact a comprehensive federal privacy law, several U.S. states followed the path first paved by California and enacted comprehensive privacy legislation. 2024 will likely follow a similar trend with additional states aiming to pass comprehensive legislation, and will also see the laws passed in Texas, Florida, Montana and Oregon come into effect. In addition to these new laws, regulatory bodies in California, Colorado and Connecticut took steps to build upon previously enacted privacy legislation with the promulgation of new regulations and amendments to enhance existing statutory requirements. In 2024, practices such as data mapping will remain critical for businesses to determine which state laws may apply to their processing activities based on what data they collect and how it is used. Companies will also need to be prepared to respond to consumer requests from additional states and, in many cases, to recognize universal opt-out mechanisms.

To read the full post, please click here.

For a PDF of the full memorandum, please click here.