In recent years, there has been a growing trend of states passing laws and regulations to protect the privacy and security of consumers' personal information. In 2023, there are a number of new state laws that businesses need to be aware of.
Utah Consumer Privacy Act (UCPA)
The UCPA, which goes into effect on December 31, 2023, gives Utah residents the right to know what personal information businesses collect about them, to request that businesses delete their personal information, and to opt out of the sale of their personal information.
Connecticut Data Privacy and Consumer Protection Act (CTDPA)
The CTDPA, which goes into effect on July 1, 2023, is similar to the CCPA and VCDPA, but it applies to businesses that collect personal information from Connecticut residents.
Colorado Privacy Protection Act (CPPA)
The CPPA, which goes into effect on July 1, 2023, updates the existing CPA and gives Colorado residents more control over their personal information, such as the right to correct inaccurate personal information and the right to limit the use of their personal information.
What businesses need to do
Businesses should consult with an attorney to ensure that they are complying with all applicable state laws and regulations regarding private information and security. Some general steps that businesses can take to comply with these laws include:
- Develop and implement a privacy policy that explains how the business collects, uses, and shares personal information.
- Provide consumers with access to their personal information and the ability to correct inaccurate information.
- Delete personal information upon request.
- Implement reasonable security measures to protect personal information from unauthorized access, use, disclosure, modification, or destruction.
By following these steps, businesses can help to protect the privacy and security of their customers' personal information and comply with all applicable state laws and regulations.
Additional tips for businesses
In addition to complying with state laws and regulations, businesses can also take a number of other steps to protect the privacy and security of their customers' personal information. These steps include:
- Training employees on privacy and security best practices.
- Using strong passwords and multi-factor authentication.
- Keeping software up to date.
- Being careful about what attachments you open and what links you click on.
- Backing up your data regularly.
By taking these steps, businesses can help to reduce the risk of data breaches and other security incidents. To learn more about whether your business is compliant or not, please contact us today or get a free cyberthreat assessment.
