More states are passing or enacting state privacy laws that are called “comprehensive,” but are they really?
Jason C. Gavejian & Joseph J. Lazzarotti of JacksonLewis write:
On May 11, 2023, Tennessee’s Governor signed Senate Bill 0073, the Tennessee Information Protection Act, making the state the eighth state to pass consumer privacy legislation. Tennessee joins California, Colorado, Connecticut, Indiana, Iowa, Utah, and Virginia which have previously passed consumer privacy statutes.
Tennessee’s law will take effect July 1, 2024.
Calling this a “comprehensive” consumer privacy bill seems like a bit of a stretch considering how many exemptions there are:
Among the entities not subject to the Act include Tennessee and state agencies, financial institutions, HIPAA-covered entities and business associates, not-for-profit organizations, and institutions of higher education.
There also are several categories of personal information exempted from the Act, including without limitation personal information protected by the Family Educational Rights and Privacy Act (FERPA) and the Driver’s Privacy Protection Act.
Read more about what the bill does cover at Workplace Privacy, Data Management & Security Report.
Hunton Andrews Kurth writes:
On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA now heads to Texas Governor Greg Abbott for a final signature. If the TDPSA is signed into law, Texas could become the tenth state to enact comprehensive privacy legislation.
The final text of the TDPSA closely follows H.B. 1844, which we previously reported on when it was introduced in the Texas House in February. In addition to the provisions of H.B. 1844, the TDPSA…
Read more about this legislation at Privacy & Information Security Law Blog.