Manufacturers have long counted themselves lucky in terms of data privacy laws, generally not being subject to sector-specific privacy laws such as HIPAA in health care, FERPA in education, or GLBA in finance. However, manufacturers' exposure to data privacy laws began to increase with the recent passage of laws in Europe and California. And now, we are seeing many newly enacted and proposed laws across the country that will have a material impact on how many manufacturers nationwide conduct their business. 

In the past few months, we've seen two new privacy laws passed that will apply to many manufactures nationwide - the California Privacy Rights Act and the Virginia Consumer Data Protection Act. Both of these laws will go into effect on January 1, 2023 and companies doing business in, or marketing to residents of, California and Virginia will need to reassess their collection and use of consumer personal information and modify their compliance efforts accordingly.  We are also tracking similar laws being proposed in many additional states, including Connecticut, Massachusetts, New York and Vermont.

All of this means that manufacturers need to begin now to determine if their organization is subject to these privacy laws and how to modify their compliance programs and operations to comply with the new legal obligations. Taking these steps will be necessary to ensure legal compliance, protect the company from lawsuits and government enforcement, and to position the company as a trusted industry partner and leader.

Originally published April 13, 2021

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.