Companies operating in the US can have a complicated web of privacy laws to navigate. State laws create a patchwork of privacy laws that can be more challenging for businesses than a single federal law. First, when legal theories evolve at the state level, businesses that operate across state lines need to monitor the laws of all the states they touch. Second, dissimilar state laws require businesses to sort out how to apply different laws to different consumers.
There are no easy answers for businesses, particularly for smaller businesses that lack internal resources to monitor multiple states’ laws and maintain compliance policies and procedures that work across their entire geographic footprint. That said, there are a few strategies that most businesses should adopt:
- Know what personal information you are collecting, why you are collecting it, and where you keep it.
- Know the laws of the states in which you have offices or customers or are otherwise “doing business.”
- Always consider privacy and data security when you are about to make an investment in computer equipment, software, or a new business line.