Keypoint: Although weakened from its original version, the Oklahoma bill would (if enacted) provide substantial privacy rights to Oklahoma residents and, in some respects, provide more privacy protections than found in the CCPA.

On March 4, 2021, the Oklahoma House of Representatives passed the Oklahoma Computer Data Privacy Act by a vote of 85-11 with 5 excused. The bill, which is perhaps best described as a heavily-modified version of the California Consumer Privacy Act (CCPA), will now move to the Oklahoma Senate.

The Oklahoma bill was the subject of extensive reporting last month after a prior version of the bill, which included a private right of action, passed unanimously through the House Technology Committee. However, the private right of action was deleted in a significantly modified version of the bill that was introduced earlier this week.

Yet, even with the amendments, the bill is still notable for at least three reasons: scope of applicability, consent for collection, and opt-in to sales. Below is a high-level summary of the some of the bill’s more notable provisions.

Keypoint: Virginia joins California as the second state to enact state consumer data privacy legislation.

As first confirmed by Amy Miller at MLex, on March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA). The CDPA will go into effect on January 1, 2023. With the enactment of the CDPA,

Keypoint: CCPA-like privacy bills continue to be introduced and work their way through state legislatures.

Those who attended our recent webinar or who subscribe to this blog know that we have been closely tracking proposed CCPA-like legislation in state legislatures across the country. We also launched a 2021 State Privacy Law Tracker to keep pace with the latest developments.

Yet, even with these efforts, there still are numerous developments occurring on a near daily basis. Therefore, we decided to wait until a weekend (when state legislatures are quiet) to provide a summary of where these bills stand. Of course, the contents provided below are time-sensitive and subject to change.

On February 19, 2012, the Virginia House of Delegates voted overwhelmingly to pass the Virginia Consumer Data Protection Act (CDPA). The Senate previously voted in favor of passing the legislation. The General Assembly had been considering the CDPA in a special session after both chambers passed companion bills during the regular session. The Senate and

Let’s face it, tracking all of the proposed CCPA-like state privacy legislation has been nearly impossible. At last count, bills have been proposed in sixteen states, including Virginia, New York, Washington, Oklahoma, Arizona, Florida, Utah, Maryland, and Minnesota.

That’s why we created our new 2021 State Privacy Law Tracker.

The tracker identifies the states

creditcards1iStock_000036595886_Large

Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.

The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) (collectively the “agencies”) are requesting public comment on a proposed rule requiring banks to notify the applicable agency within 36 hours when the banks believe in good faith that a significant cybersecurity event has occurred. Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, 86 Fed. Reg. 2399 (Jan. 12, 2021).

Keypoint: As leadership at the CFPB shifts, responses to the CFPB’s Notice of Proposed Rulemaking to implement Section 1033 of the Dodd Frank Act looms.

More than a decade ago, the Dodd Frank Act created the Consumer Financial Protection Bureau (CFPB) and gave it authority to promulgate rules implementing Section 1033 of the Act. Under Section 1033, upon request, a financial services provider “shall make available to a consumer information in its control or possession concerning the product or service that the consumer has obtained, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.”

Keypoint: Virginia moves closer to enacting consumer privacy legislation.

On January 29, 2021, the Virginia House of Delegates passed HB2307, the Virginia Consumer Data Protection Act (Act) in an 89 to 9 vote. The Act now sits with the Senate Committee on General Laws and Technology. A companion bill, SB 1392, already passed the Senate Committee on General Laws and Technology on January 27, 2021.

According to the Virginia General Assembly Session Calendar, Friday, February 5 is the deadline for each house to complete work on its own legislation, except for the budget bill. The Assembly will adjourn on February 11.

Below is a brief overview of the Act. In addition, on February 17, members of Husch Blackwell’s Data Privacy & Cybersecurity team will host a webinar to discuss all of the CCPA-like privacy bills proposed across the country. To register, click here.

Many thanks to Amy Miller, Senior Reporter, Privacy and Data Security at MLEX Market Insight for alerting us to this development.