The trend toward increased regulation of consumer data continues in the US, with both Washington state and Indiana having active bills under debate in their legislatures. Washington has no fewer than three bills pending, each with different supporters; and Indiana has one bill under way.
The bills would adopt different approaches, but each copies from predecessors such as the EU's GDPR and California's CCPA. This is the fourth year in a row that Washington has tried to pass privacy legislation, but the legislature lacks consensus on how broad such a measure should be.
Why It Matters
The state legislatures in the US are increasingly stepping into the void created by the lack of federal privacy legislation. California, Virginia, and Colorado have all passed comprehensive state privacy laws since 2018; and at least half the states have considered a privacy bill. Companies that collect or use electronic data -- about consumers, employees, and other individuals -- may become subject to multiple levels of compliance regarding how they must secure this data, give notice about their data practices, and use such information once collected. The laws apply equally to B2C and B2B companies. They also apply across state lines. Finally, they apply to both large and small/medium businesses.