This year we will see several new compliance regulations in the United States. As always, it’s important to be aware of these regulations and make sure your organization is compliant with them in order to conduct business safely and avoid legal issues. Domestic companies of all sizes can expect to see a surge and continuation of Zero Trust security recommendations and guidelines, as well as Data Privacy and Protection requirements, related to compliance. This article will provide a look at the landscape around this today and fill you in on the new U.S. compliance regulations in 2023.
Federal Level Regulations
At the federal level, Executive Order (EO) 14028 is meant to improve the nation’s cybersecurity. It applies to federal agencies as well as their suppliers, and the aim is to modernize their approach to cybersecurity by adopting cloud services and implementing a Zero Trust architecture. This also includes a requirement for the supply chain industry, including device manufacturing, and will ripple into contract requirements for federal contractors and software providers.
The Federal Trade Commission (FTC) Safeguard Protections Rule becomes effective on June 9, 2023 and requires non-bank financial institutions (think financial advisors, cash advance, auto dealerships who provide lending services, and others) to protect and secure customer information. These companies are also responsible to ensure that their service providers do the same.
State Level
Meanwhile, the number of states implementing data privacy and protection legislation continues to grow. For the most part, they are reflective generally of the tenets in Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which give consumers control over their private information. These are important privacy laws and will continue to be aspects of compliance that businesses need to consider.
New State Regulations This Year
Active now (February 2023)
- Initially drafted a few years ago to expand upon the CCPA, the California Privacy Rights Act (CPRA) became effective on Jan. 1, 2023. CPRA created a new state agency, similar to data protection agencies in the EU countries charged with enforcing GDPR in the EU.
- The Virginia Consumer Data Privacy Act (VCDPA) also became effective Jan. 1, 2023 and similarly provides for certain GDPR-like individual rights.
Effective July 2023
- The Colorado Privacy Act (CPA) becomes effective on July 1, 2023. In addition to creating rights patterned after the individual rights under GDPR, CPA requires data security and contract provisions for vendors and assessments for “high-risk” processing.
- Like Colorado’s new privacy law, the Connecticut Data Privacy Act (CDPA) goes into effect on July 1, 2023. CDPA also creates a suite of GDPR-like individual rights, and similarly requires data minimization, security, and assessments for “high risk” processing.
Effective December 2023
- The Utah Consumer Privacy Act (UCPA) becomes effective on Dec. 31, 2023. It provides for certain GDPR-like individual rights and requires data security and contract provisions, but it does not include expressly required risk assessments.
While the new state statutes are intended to be comprehensive, they also contain certain carve-outs for data protection under other laws, such as HIPAA.
Why Following Compliance Regulations in 2023 is Important
As with all things tech, this is a rapidly changing landscape that – along with security – holds significant risk potential. Whether you’re launching a start-up and unsure where to start your compliance journey or you’re a seasoned enterprise in a highly regulated environment, we can help you jump start or modernize your Information Management goals through a series of Compliance Accelerators, for wherever you are on your compliance journey. The process can seem complex, disconnected, or confusing to those who are busy starting or running a business – so we’ll make sure you’re set up properly, with quick time to value. Contact us today to learn more about our Compliance Accelerators, and follow our upcoming blog series which will explain the specifics of each one.