We have CCPA in California, and GDPR in Europe. If you’re in the contact center business, you need to keep up with the growing number of passed and pending privacy bills in various geographic areas. They vary on coverage, requirements, and penalties. This is a fluid environment, and can change at any time.
I scanned multiple websites to locate and summarize the status of the privacy laws. I’m not a lawyer; my comments are meant to stimulate your investigations into the changing state privacy laws. Some of these laws may end up conflicting with federal legislation, but as that doesn’t appear to be forthcoming any time soon, concerns about that can wait.
The State of the States
Based on a
privacy law comparison table compiled by the International Association of Privacy Professionals, three states have passed privacy regulations at the time of this writing: California, Nevada, and Maine. Meantime, about 300 other state privacy and security regulations are under consideration.
Here’s a sampling of state privacy law initiatives.
- Security Breach Notifications Act
- Social Security Number Protection Act
- Document Safe Destruction Act
- Data Brokers – This would require data brokers that collect and license consumer personal information to register annually with the Secretary of State. Data brokers would need to provide consumers with specified information, including their names, emails, and Internet addresses
Delaware — Online Privacy and Protection Act. This act would prohibit website operators, online and cloud computing service providers, and developers with applications directed at children, from marketing or advertising about specified products or services inappropriate for children’s viewing.
The act has three parts:
- Prohibitions on online marketing or advertising to a child
- Posting of privacy policy by operators of commercial online sites and services
- Privacy of information regarding book service users
Oregon — Chapter 646 Trade Practices and Antitrust Regulation 2019 Edition. According to the
National Conference of State Legislatures, this regulation makes it “unlawful trade practice if a person publishes on a website related to the person’s business, or in a consumer agreement related to a consumer transaction, a statement or representation of fact in which the person asserts that the person, in a particular manner or for particular purposes, will use, disclose, collect, maintain, delete or dispose of information that the person requests, requires or receives from a consumer and the person uses, discloses, collects, maintains, deletes or disposes of the information in a manner that is materially inconsistent with the person’s statement or representation.”
Nebraska — Statute 87-302 (deceptive trade practices; enumerated). This statute would prohibit making false or misleading statements regarding the use of personal information submitted by members of the public in a privacy policy, wherever it might be published or distributed.
New Jersey — Privacy Bill S2834. This bill would require operators of websites or online services to notify customers of the collection and disclosure of their personally identifiable information. The bill would apply to any individual within the state, regardless of residency.
What You Should Do!
Keeping up with proposed and passed privacy regulations won’t be easy. As can be seen by the above examples, not all possible privacy regulations are apparent in their titles. You should bring together a team from the contact center, IT, legal, marketing, and sales departments to monitor and respond to the regulations. You don’t want to be blind-sided by a missed regulation.
In addition, reach out to your contact center provider and request information about how it plans to deal with the regulations. And, have the corporate legal team investigate the liabilities that the software vendor or cloud service will and will not accept. You need to know the possibilities of your organization not complying properly with privacy regulations.
Don’t overlook the training your contact center agents will need to deal with the variety of regulations. They’re the first responders. As each regulation is passed, your staff might require new training.