Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Failing to Comply With the Slew of New Data Privacy Laws Can Be Costly to Companies

By Payam Khodadadi on May 8, 2023
Email this postTweet this postLike this postShare this post on LinkedIn

Over the past few years, data privacy and security has been the focus of many state legislatures.  CA, CO, CT, IA, UT and VA have already passed comprehensive data privacy laws. Indiana joined them on May 1, 2023 when the Governor signed the latest consumer privacy bill into law.  Many other states have bills in the legislatures that are likely to become law, including FL, MT and TN (where the bills are awaiting the governors’ signatures).   Though most of these laws apply to businesses that control or process personal data of 100,000 or more residents in each of those states, California’s data privacy law applies to any business that has gross annual revenue of over $25M if it collects the personal data of any California resident, which includes employees and business contacts.

If a business is subject to any of these laws, it must comply with a number of requirements.  Among them, the business must: (i) post a compliant data privacy policy; (ii) provide to consumers, with certain exceptions, various rights (e.g., right to know what is collected, right to correct, right to delete, right to opt-out of sale, etc.); (iii) have compliant agreements with any entity to which it discloses personal data or from which it obtains personal data; and (iv) have appropriate data security measures in place.

If a business does not comply, then it can be subject to administrative or civil action by governmental entities, and in some cases private rights of action by individuals (though this is more limited usually to data breaches). The fines can be pretty steep. For example, under CA law, any business that violates the law shall be liable for an administrative fine of not more than $2,500 for each violation or $7,500 for each intentional violation.

In addition to these comprehensive data privacy laws, various jurisdictions have enacted specific laws on various types of personal data, such as the collection and use of biometric data.  The Illinois supreme court has already opened the door to astronomical damages for failure to comply with that law, about which you can read further here. 

For more information, please contact our office and we will be happy to discuss these issues with you in more detail.

Photo of Payam Khodadadi Payam Khodadadi

Payam graduated from law school in the top 3% of his graduating class. Payam practices in the areas of data privacy and security, restructuring and insolvency, and complex litigation. In each year from 2013 through 2020, Payam was selected by the prestigious Super…

Payam graduated from law school in the top 3% of his graduating class. Payam practices in the areas of data privacy and security, restructuring and insolvency, and complex litigation. In each year from 2013 through 2020, Payam was selected by the prestigious Super Lawyers publication as a “Rising Star.”

Read more about Payam KhodadadiEmail
Show more Show less
  • Posted in:
    Privacy and Cybersecurity
  • Blog:
    Password Protected
  • Organization:
    McGuireWoods LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo