Annual Updates to Privacy Policies Reminder and Looking Ahead to 2024
The end of the year is a good time to revisit your organization’s privacy policy to ensure it is accurate and up to date. Notably, at least one state privacy law – the California Consumer Privacy Act (CCPA) – requires that a business review its privacy policy annually. And as new state privacy laws continue to come online, businesses should ensure that their privacy policies reflect the current legal landscape.
Annual Notice Update. The CCPA requires businesses to update their online privacy policies “at least once every 12 months.” While the annual update does not have to occur at the end of the calendar year, if a business last updated its privacy policy to prepare for the amendments to the CCPA that became effective on January 1, 2023, the deadline to revisit and update the business’s policy is quickly approaching.
Privacy Policies Should Reflect the Ever-Changing State Privacy Landscape. Beyond California, 2023 closes out with 12 other states having adopted omnibus privacy laws. The implementation or effective dates for these laws vary, so it is important for businesses subject to these laws to closely track when each new state law takes effect. For 2023, the final state omnibus privacy law to go into effect will be Utah’s, which is set to take effect on December 31, 2023. Businesses covered by the Utah law should ensure that their privacy policies and broader compliance strategies are updated accordingly.
Looking Ahead. Finally, the end of the year is also a good time to take stock of what is to come. For example, 2024 will see new comprehensive state privacy laws take effect in Texas and Oregon on July 1, and in Montana on October 1.
In the absence of federal legislation, businesses should expect state legislatures to continue to take the lead on privacy regulation – both with comprehensive privacy laws and more targeted laws governing certain types of data, such as healthcare-related information. We encourage businesses to stay engaged in monitoring privacy developments on the state level and preparing for the new laws that will take effect in 2024.
***
Wiley’s Privacy, Cyber & Data Governance Team has helped companies of all sizes comply with their state and federal privacy and cyber obligations. Please reach out to Joan Stewart, Kat Scott, or Tyler Bridegan if you need any assistance with your compliance obligations.