by Brett Wilson, Mergers and Acquisitions Practice, Densborn Blachly LLP
Beginning Jan. 1, 2020, certain companies doing business in California will have to comply with what is now the nation’s strictest data privacy law – the California Consumer Privacy Act (CCPA). The CCPA is an extraordinary piece of legislation regulating the processing of personal data of California residents. If a business processes personal data of Californians and meets certain threshold requirements, the business will be subject to the new law and its potential penalties for non-compliance. Unintentional violations of the CCPA can result in a fine of $2,500 per person affected; for example, a company’s misuse of 100 clients’ personal data would result in a stiff civil fine of $250,000. On top of civil fines, the CCPA provides a private right of action for those affected by certain data breaches.
The CCPA is certainly the most onerous data privacy law in the U.S. and may become the benchmark for the future of U.S. data privacy regulation. U.S. data privacy laws have traditionally only applied to certain industries, such as financial and educational institutions or healthcare providers. In the wake of multiple public personal data privacy scandals and Europe’s adoption of its sweeping General Data Protection Regulation, the U.S. is rethinking how to regulate the processing of personal data.
Members of Congress currently disagree on whether a federal law should preempt stricter state laws or simply serve as the baseline requirement. In the meantime, a variety of data privacy bills have appeared in New York, Illinois, Maryland, Pennsylvania and several other states. While Indiana has not yet taken steps toward its own data privacy law, Indiana businesses will soon have to comply with other states’ laws or perhaps a new, all-encompassing federal law – and it’s in their best interest to start the process now.
Read the rest of the article on Inside Indiana Business here.