Since the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, “copycat” legislation has been introduced at a dizzying pace by state legislatures across the country. Taking their cues from CCPA, at last count 16 states have borrowed language from California’s watershed law regarding consumer notices, data subject rights requests, and definitions of “personal information, “sale” of data and other key items. The likely intent is to provide equal (or, in some cases, greater) protections to the residents of their states. As a practical matter, however, none of the proposed laws is identical to CCPA (nor to each other); some look to the EU General Data Protection Regulation (GDPR), and each takes a complex approach that requires careful reading. The proposed Washington Privacy Act (SB 6281) has been touted as the most comprehensive data protection law in the United States and combines elements of CCPA and GDPR, adding specific protections for...

Continue Reading