In a significant development for consumer data protection in the United States, the Delaware Personal Data Privacy Act (DPDPA) became law on September 11, 2023. This adds Delaware to the growing list of states that have enacted comprehensive consumer data privacy laws, which now includes California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA will become operative on January 1, 2025.
This legal milestone emphasizes the concerted efforts to improve the privacy and security of consumer data across the United States. The development of comprehensive data protection standards at a state level indicates the growing importance of consumer data privacy in the legal landscape. As such, it is crucial for corporations and law firms to stay informed about these state-wise changes.
A detailed elucidation of the Delaware Personal Data Privacy Act as provided by Davis Wright Tremaine LLP can be found here.
It is worth noting that the DPDPA, like its counterparts in other states, articulates the rights of consumers regarding their personal data – including the right to access, correct, delete, and port data. Companies, on the other hand, are directed to be straightforward about their data processing practices, particularly the categories of personal information collected, the purposes for this data collection, and how consumers can lodge complaints.
As data privacy laws continue to emerge across states, corporate legal teams should prepare to manage both state-specific compliance and federal privacy laws. This implies developing or refining internal data governance models to adapt to the rapidly changing privacy landscape.
Given the complexity of tailoring compliance programs to multi-state and potentially national privacy legislation, legal professionals would be well-served by closely monitoring this expanding field of law. The importance of thorough and agile planning in the face of these regulatory developments cannot be overstated.