In the constantly changing and confusing world of consumer privacy laws, it is more important than ever for businesses to evaluate and reevaluate their collection and use of personal data. There is currently no comprehensive federal consumer privacy law, but as the first quarter of 2024 comes to a close, comprehensive state consumer privacy laws have gone into effect in California, Colorado, Connecticut, Virginia and Utah. Three more states – Texas, Oregon and Montana – have enacted privacy laws that go into effect in 2024, and six states – Delaware, Iowa, New Hampshire, New Jersey, Tennessee and Indiana – have enacted privacy laws going into effect in 2025 and 2026. Seventeen additional states have active privacy law bills and are likely to pass their own privacy laws within the years to come. What this means is that consumer privacy laws are here to stay, and companies who conduct business in the United States cannot ignore their obligations under these laws. Any business that collects personal data from residents of these states may need to comply with these laws, regardless of where that business is located.
As part of its recent bankruptcy proceeding, RadioShack sought to auction off its vast collection of personal information about its customers. However 38 states and the FTC objected to the sale on the grounds that it violated RadioShack's existing privacy policy. The limitations on the transfer of data RadioShack agreed to in an eventual deal with the states shows that companies need to be forward thinking regarding future transfers of data when crafting their data privacy policies.