2022 State of US Data Privacy Law Compliance Report

In May 2017, the world of data privacy was irreparably changed when four members of the Chinese military hacked into credit-reporting company Equifax, exposing the personal information of nearly 150 million Americans. The regulatory response was swift. States amended data breach laws and introduced new ones around data security and consumer privacy. The following May, the European Union’s sweeping privacy law update, the General Data Protection Regulation, took effect, sending ripples across global businesses. The next month brought the passage of the California Consumer Privacy Act (CCPA).

Fast forward to 2022, and CCPA-like consumer privacy laws have passed in four additional states (Colorado, Connecticut, Utah and Virginia). Several states are currently weighing similar comprehensive legislation to protect consumer privacy. While the measures differ in significant ways, they share key tenets, including granting consumers the right to access, correct, delete and transfer personal data, as well as the ability to opt out of certain targeted advertising. At the same time, there has been more focus on regulating increasingly popular forms of consumer data collection, including precise geolocation data and biometric information.

With state laws set to take effect in 2023, companies must take action now to prepare for stricter requirements, surges in data privacy litigation and continued public scrutiny around safeguarding consumer privacy rights. But where do companies stand today?

To find the answer, Womble Bond Dickinson surveyed nearly 200 executives based across the United States. This elite group – 62% of whom hold C-suite titles – comprised decision-makers from company leadership and key departments including information systems and information technology, privacy and security, legal and compliance, operations and finance, and marketing. Check out this resource to view the full report.