Image of checking off requirements for new compliance regulations in 2023

New Compliance Regulations in 2023

This year we will see several new compliance regulations in the United States. As always, it’s important to be aware of these regulations and make sure your organization is compliant with them in order to conduct business safely and avoid legal issues. Domestic companies of all sizes can expect to see a surge and continuation of Zero Trust security recommendations and guidelines, as well as Data Privacy and Protection requirements, related to compliance. This article will provide a look at the landscape around this today and fill you in on the new U.S. compliance regulations in 2023.

Federal Level  Regulations

At the federal level, Executive Order (EO) 14028 is meant to improve the nation’s cybersecurity. It applies to federal agencies as well as their suppliers, and the aim is to modernize their approach to cybersecurity by adopting cloud services and implementing a Zero Trust architecture. This also includes a requirement for the supply chain industry, including device manufacturing, and will ripple into contract requirements for federal contractors and software providers. 

The Federal Trade Commission (FTC) Safeguard Protections Rule becomes effective on June 9, 2023 and requires non-bank financial institutions (think financial advisors, cash advance, auto dealerships who provide lending services, and others) to protect and secure customer information. These companies are also responsible to ensure that their service providers do the same.  

State Level 

Meanwhile, the number of states implementing data privacy and protection legislation continues to grow. For the most part, they are reflective generally of the tenets in Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which give consumers control over their private information. These are important privacy laws and will continue to be aspects of compliance that businesses need to consider.

New State Regulations This Year

New Compliance Regulations in 2023 1

Active now (February 2023) 

Effective July 2023

  • The Colorado Privacy Act (CPA) becomes effective on July 1, 2023. In addition to creating rights patterned after the individual rights under GDPR, CPA requires data security and contract provisions for vendors and assessments for “high-risk” processing.  
  • Like Colorado’s new privacy law, the Connecticut Data Privacy Act (CDPA) goes into effect on July 1, 2023. CDPA also creates a suite of GDPR-like individual rights, and similarly requires data minimization, security, and assessments for “high risk” processing.  

Effective December 2023

  • The Utah Consumer Privacy Act (UCPA) becomes effective on Dec. 31, 2023. It provides for certain GDPR-like individual rights and requires data security and contract provisions, but it does not include expressly required risk assessments.  

While the new state statutes are intended to be comprehensive, they also contain certain carve-outs for data protection under other laws, such as HIPAA.   

New Compliance Regulations in 2023 2

Why Following Compliance Regulations in 2023 is Important

As with all things tech, this is a rapidly changing landscape that – along with security – holds significant risk potential. Whether you’re launching a start-up and unsure where to start your compliance journey or you’re a seasoned enterprise in a highly regulated environment, we can help you jump start or modernize your Information Management goals through a series of Compliance Accelerators, for wherever you are on your compliance journey. The process can seem complex, disconnected, or confusing to those who are busy starting or running a business – so we’ll make sure you’re set up properly, with quick time to value. Contact us today to learn more about our Compliance Accelerators, and follow our upcoming blog series which will explain the specifics of each one.

1 Comment

  1. RRMA Global on May 5, 2023 at 5:25 am

    Thank you for sharing this informative article on the new compliance regulations that are set to take effect in 2023. The article provides a comprehensive overview of the key compliance requirements across different industries, including healthcare, finance, and data privacy. The author’s practical tips on how organizations can prepare for these new regulations are especially helpful for businesses looking to stay ahead of the compliance curve. The article highlights the critical importance of complying with these new regulations, given the potential legal and financial consequences of noncompliance. Overall, a well-written and insightful piece that will be of great interest to compliance professionals, business owners, and anyone looking to stay informed on the latest compliance trends

Leave a Comment