An Explosion of Activity in the States

December 6, 2018

The 2018 elections brought major changes in state houses and legislatures across the country. There has already been a flurry of activity on privacy and data security issues, and we expect much more to come as the state legislatures convene next month.

There will be nineteen new governors (Democrats picked up seven governorships in Illinois, Kansas, Maine, Michigan, Nevada, New Mexico and Wisconsin). Democrats also scored significant wins in state legislative elections. They gained the majority in six additional legislative chambers, four state legislatures and full control of the state house, senate and governor’s office in fourteen states. There were also eighteen new state attorneys general elected last November, all of whom will be focused on consumer protection issues.

In the absence of federal legislation, state governments have been very active in the past few years on privacy and data security issues to fill the perceived void. Every state now has data breach/security laws on the books and there are numerous bills introduced each year to make changes in those laws. Many of these laws are overlapping but inconsistent, creating major challenges for marketers.

Several states have also considered broad consumer privacy legislation. ANA is a member of state privacy coalitions, which work to respond to these proposals and attempt to bring some level of coherence and uniformity to the patchwork of individual state laws. For example, in 2017 we were successful in blocking overly restrictive ISP privacy bills that were introduced in more than twenty states (including California) after Congress repealed the Obama-era FCC’s broadband privacy rules.

The political environment changed dramatically this year, however, with the passage of the California Consumer Privacy Act (CCPA) in June. That legislation, which has numerous serious defects, was rushed through both houses of the California Legislature, passed unanimously in both bodies and delivered to the governor in less than a week. We are working with our member companies and other industry groups to try to fix some of the most serious problems with the CCPA. The CCPA also requires that the state AG carry out a systematic rulemaking to clarify various provisions of the law. We will be providing the California AG’s office input on areas that need to be resolved in regard to the CCPA law. Also, in conjunction with the California Chamber of Commerce we will be fostering new corrective legislation to be introduced next year.

In the meantime, there has already been a flurry of activity in other states. Broad consumer privacy legislation is being introduced in Washington State and New Jersey and we expect “California-style” bills in several other states. Data breach legislation is now under active consideration in Massachusetts, Oregon and Michigan and will be introduced in other state capitols.

Consumer privacy and data security legislation will be ANA’s number one priority for 2019, both in the Congress and the states. We will be working to preserve the ability of marketers to collect and use consumer data in a responsible manner and to continue to drive efficient and effective economic activity.


You must be logged in to submit a comment.