In a significant move towards data privacy, Delaware has become the twelfth state to enact major consumer privacy legislation. Governor John Carney has recently approved the Personal Data Privacy Act (PDPA), according to a narrative from Fisher Phillips on JD Supra. It is the seventh state to pass such legislation in 2023 alone, a clear indication of the country’s growing focus on data privacy.
The PDPA presents businesses with an accelerated timeline to adjust their data handling practices and to guarantee consumers’ privacy rights over their personal data collected by covered entities. This newly minted law further imposes a series of related requirements on these entities.
As the nuances of PDPA continue to unfold, it is crucial for Delaware businesses and organizations nationwide to understand what they need to do in preparation for this law. Considering its recent enactment, here are ten key takeaways for businesses navigating the consumer privacy landscape:
- Under the PDPA, consumers gain comprehensive rights over their personal data, including the right to access, delete, and correct it.
- Covered entities must provide clear and timely responses to consumer’s requests about their data.
- Businesses must reevaluate their data handling and management procedures to ensure compliance with the PDPA.
- Companies based outside of Delaware should monitor their data collection and storage practices, particularly if they serve Delaware residents.
- The PDPA applies to a broad range of data, underscoring the need for businesses to monitor all types of data collection.
- PDPA mandates specific methods for businesses to handle consumer data, including requirements for deletion upon request.
- Non-compliance with the PDPA can result in substantial penalties, adding an extra layer of incentive for businesses to adhere to the law.
- The PDPA does not preempt other state laws, which can potentially complicate the legal landscape for companies operating across U.S. jurisdictions.
- Smaller businesses are not exempt from PDPA, although the law does provide some provisions aimed at reducing their burden.
- The PDPA promises to be a moving target with the potential for future amendments, hence organizations must stay vigilant and prepared for any changes.
This rapid evolution in the data privacy landscape should serve as a wake-up call for businesses nationwide. The PDPA not only underscores the significant challenges that businesses need to overcome but also marks a decisive shift towards individuals’ control over their personal information. Navigating these changes will require tactical foresight and continuous learning for businesses at every scale.