KMK Law Cybersecurity & Privacy Blog

Four years ago, the European Union (“EU”) began enforcement of the General Data Protection Regulation (“GDPR”). The GDPR is a comprehensive data privacy law enacted to create a standardized and cohesive data privacy framework across all EU member countries. The GDPR has since encouraged the adoption of data privacy laws throughout the world,^[1] such as the California Consumer Privacy Act. Businesses in the United States that process^[2] personal data of European residents, after it has transferred from a country in the European Economic Area to the United States, must ...

On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) into law. The UCPA, which will become effective December 31, 2023, largely mirrors the Virginia Consumer Data Privacy Act (“VCDPA”), explained in more detail here, or Europe’s General Data Protection Regulation (“GDPR”).

The Colorado Privacy Act (the “CPA”) was signed into law on July 8, 2021 by Governor Jared Polis, only 6 months after Virginia enacted its data privacy law, the Virginia Consumer Data Privacy Act (“VCDPA”).

As we ring in the New Year, privacy professionals are collectively holding their breath: January 1, 2020 marked the effective date of the California Consumer Privacy Act, also known as the CCPA.

Every month, we see a new set of privacy best practices or a new set of regulations proposed or adopted by a state, Congress, the White House, or countries around the globe. The versions of best practices continue to multiply and the layers of regulation continue to expand. Every new group or political entity wants to out-perform the last – but has this one-upmanship gone too far?