A US Federal Privacy Law Will Be No Magic Bullet
Who in their wildest dreams would imagine corporate general counsel (GC) clamoring for more regulation? Despite the prospect of additional statutory hoops to jump through, this is the sentiment heard at a recent in-person roundtable I attended and was the number one topic of conversation among a group of senior GCs, who expressed their desire for federal privacy legislation to replace the mash-up of different state privacy compliance laws. For years, GCs have skirted the issue with ever-increasing levels of budget and manpower, but they are eager to see this burden alleviated by an overarching federal law that delivers consistency, predictability, and clarity.
These hopes are showing some signs of becoming reality. Following the 2020 US election and a string of pandemic-induced delays, proposals for federal privacy legislation are moving ahead. In particular, a bill sponsored by US Rep. Suzan DelBene (D-WA) is supported by multiple stakeholders ranging from tech giants to corporate GCs, whose privacy holy grail would be a single, comprehensive federal law that would reduce the growing burden of privacy compliance. These views are representative of nationwide concerns about the difficulty of privacy compliance under the current fractured, state-by-state system.
Almost without exception, corporations want and need to be compliant—particularly if they are publicly listed. Yet privacy compliance is becoming more and more difficult to navigate, as the landscape has become so confusing: California, New Mexico, Maine, and Virginia, for example, already have significant consumer privacy laws; New York, Massachusetts, Maryland, and Hawaii have new laws in the works. Some 25 additional states are at various stages of the legislative process, with some holding out altogether and playing the waiting game. It’s no wonder this patchwork approach is a challenge for any organization with a nationwide footprint to navigate. This complexity has a significant impact on the administrative and financial overhead of compliance professionals, as well as their organizations’ potential exposure.
Demand for concrete and consistent federal privacy guidelines is real and growing, and our multijurisdictional approach to privacy is certainly a key driver. However, there is another driver for change that receives less attention but is equally important: data.
Read the full piece here; https://bit.ly/3qAiRDU
Copyright  CEP Magazine, a publication of theSociety of Corporate Compliance and Ethics (SCCE).