The upward trend in data privacy legislation continued in 2022. According to the National Conference of State Legislatures, “[a]t least 35 states and the District of Columbia in 2022 introduced or considered almost 200 consumer privacy bills,” which is a significant increase from 160 bills in 2021.
Posts tagged as “state data privacy laws”
The Superintendent for the New York Department of Financial Services recently announced a consent order assessing a $4.5 million penalty against a health insurance company for violations of the DFS Cybersecurity Regulations, 23 NYCRR, Part 500.
On Sept. 27, Michigan Sen. Rosemary Bayer and eight fellow Democrat cosponsors introduced Senate Bill 1182, which would create the Michigan Personal Data Privacy Act. The Michigan Legislature remains in session through the end of the year.
On July 29, 2022, the New York Department of Financial Services published pre-proposal draft amendments to its Cybersecurity Regulations, 23 NYCRR 500.00, et seq. , that if adopted will require covered entities to implement numerous policy and operational changes.
On May 10, Gov. Ned Lamont signed into law Substitute Senate Bill 6 (Public Act 22-15), Connecticut’s version of comprehensive consumer data privacy legislation. This makes Connecticut the fifth state to enact such legislation, following California, Virginia, Colorado, and Utah. The Act will go into effect July 1, 2023.
There remain over 30 comprehensive consumer data privacy bills pending in the states, but some are falling off the chart as the legislative sessions come to an end. While the number of active bills is decreasing, there is one new state data privacy law, and others that continue to show movement.





