Keypoint: Florida moved one step closer to passing consumer data privacy legislation although differences between the House and Senate bills need to be resolved if the legislation is to pass the legislature.

On April 21, the Florida House of Representatives overwhelmingly passed HB 969 by a vote of 118 to 1. The bill was subsequently referred to the Senate Rules Committee.

Meanwhile, the Senate is still considering its version of consumer data privacy legislation, SB 1734. On April 9, the Senate bill was placed on the calendar for a second reading, but it has not moved since.

Keypoint: This week Florida’s two bills continued to progress, the Washington Privacy Act failed to pass out of the House at the deadline (but the bill sponsor says it is still alive), new bills were introduced in Pennsylvania and North Carolina, and Maryland’s bill died.

Below is our eighth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: President Biden shows a strong preference for the cybersecurity expertise of former National Security Agency (NSA) leaders with his choices for significant cyber roles within his administration.

On April 12, 2021, the White House announced that President Biden selected two individuals to join his administration in the area of cybersecurity. Mr. Chris Inglis is nominated to be the first national cyber director, and Ms. Jen Easterly is nominated to serve as the new director of the Cybersecurity and Infrastructure Security Agency (CISA). Both positions require confirmation by the U.S. Senate.

UPDATE: The below post discusses whether the Washington Privacy Act is still alive notwithstanding that the House failed to pass the bill prior to the April 11 deadline. In a tweet, bill sponsor Reuven Carlyle stated: “The bill remains alive through the end of the Legislative Session.”

Keypoint: This week bills in Florida and Connecticut continued to progress, the Washington Privacy Act failed to get out of the House at the deadline, and bills in Oklahoma and West Virginia died.

Below is our seventh weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: It was another busy week with developments in Washington, Florida, Oklahoma, Alaska, Nevada, and Rhode Island.

For the sixth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three notes.

First, we are pleased to announce the results of our poll on whether to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – the CDPA or VCDPA. By an overwhelming 85-15% margin readers prefer VCDPA to CDPA.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.

On March 11, 2021, Utah governor Spencer Cox signed the Cybersecurity Affirmative Defense Act, which creates affirmative defenses to certain causes of action arising out of a breach of system security.

Keypoint: There were a number of notable developments this week: the Washington Privacy Act passed out of a house committee after adding a private right of action, there was more movement on the Florida and Connecticut bills, and Nevada lawmakers introduced companion bills that would expand the state’s right to opt out of sales.

For the fifth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.

First, there has been so much debate about what to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – that we started an online poll. Tell us whether you think the law should be called the CDPA or VCPDA. We will keep voting open until April 2 and release the results on our blog.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: Proposed bills would amend Nevada privacy legislation to provide consumers with a broader right to opt out of sales.

In 2019 – shortly after the CCPA was enacted – Nevada amended its online privacy notice statutes, NRS 603A.300-360, to provide consumers with the right to opt out of sales. However, contrary to the CCPA’s broad definition of “sale,” the Nevada law defines sale narrowly as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”

Keypoint: It was another busy week with bills introduced in Colorado, New York and West Virginia, a committee hearing in New Jersey on three bills, a public hearing in Washington on the Washington Privacy Act, the Oklahoma bill was referred to the Senate Judiciary committee, one Florida bill passed out of committee, and a hearing was set on the other Florida bill.

For the fourth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.

First, there has been so much debate about what to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – that we started an online poll. Tell us whether you think the law should be called the CDPA or VCPDA. We will keep voting open until April 2 and release the results on our blog.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Fraser, ColoradoKeypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences.

On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act (SB21-190).

The bill is similar to Virginia’s Consumer Data Protection Act (VCDPA) and the Washington Privacy Act (WPA) but contains notable differences, including with respect to the scope of its exemptions and the rights it would provide to Colorado residents.

Senator Rodriguez (Democrat) and Senator Lundeen (Republican and minority whip) sponsored the bill, signaling that it has bi-partisan support. The bill has been assigned to the Senate’s Business, Labor and Technology Committee, which Senator Rodriguez chairs.

According to the legislative calendar, the deadline for bills to pass out of the Senate is April 7, 2021, which means the bill will have to move quickly.

Below is a general overview of the bill as introduced.