New State Privacy Laws Raise Stakes for MSPs
2023 saw a surge in state-level consumer privacy legislation in the US and that landscape continues to evolve rapidly, with individual states taking the lead in the absence of a comprehensive federal law. As of today, 15 U.S. states have enacted comprehensive consumer data privacy laws, granting individuals greater control over their personal information. Three states – Delaware, Iowa, and Tennessee – will see their new data privacy laws go into effect in 2025. Indiana’s law will follow suit in 2026.
What MSPs Need to Know
MSPs and their clients with residents in these states will likely need to revisit their data protection protocols to ensure compliance with new state laws. While not as extensive as California’s CCPA/CPRA, these laws all mandate cybersecurity measures including:
Transparency in privacy practices
Many state privacy laws require a Data Protection Impact Assessment (DPIA) or a similar evaluation. MSP and their clients should initiate planning for these assessments promptly, as they are necessary for systems or applications processing of personal data.
Limited collection of personal data
The primary challenge for MSPs and their clients lies in identifying personal data, particularly sensitive information, as the definitions provided are broad and, in some instances, quite expansive.
Specific regulations for data processors
Another critical task for MSPs is reviewing agreements with partners and clients, as some new laws mandate agreements with detailed consumer privacy terms. It is essential for MSPs and their clients to address these agreements promptly to ensure compliance.
Want to learn all the details? We’ve got the links to help you dig in:
California CCPA/CPRA
Colorado Privacy Act
The Connecticut Data Privacy Act (CTDPA)
Delaware Personal Data Protection
Florida Bill of Rights
Indiana Senate Bill 5 Consumer Data Protection
Montana Consumer Data Privacy Act
New Hampshire SB 255
New Jersey Data Protection Act
Oregon Consumer Privacy Act
Tennessee Information Protection Act
Texas Data Privacy Act
Utah Consumer Privacy Act
Vermont Protection of Personal Information
Virginia Consumer Data Protection Act
Contact Compliance Scorecard
Ask us how we can help you manage compliance by using our 4A govern practices capabilities (Alignment, Authorization, Adoption, Assessment). With our governance-as-a-service platform, you can become a compliance superstar.
“*” indicates required fields
Consent*
The post New State Privacy Laws Raise Stakes for MSPs appeared first on Compliance Scorecard.