We live in an age where data privacy is paramount to not only individuals but also businesses. Regulatory authorities across the globe are developing complex and strict comprehensive data privacy laws to safeguard the confidentiality and integrity of citizens’ data and give them better controls on how they want businesses to handle their data. Louisiana acknowledges the dire need for comprehensive data laws, and thus, the state legislature has introduced the Louisiana Consumer Privacy Act (HB 947).
If passed, the Louisiana Consumer Privacy Act is positioned to serve the state as a critical framework to ensure utmost data privacy and protection.
Understanding Louisiana's Consumer Privacy Act
1. Overview of the Law
Louisiana data privacy law has introduced strict provisions for the collection, processing, storage, and sharing of personal data operating in the state. It further provides a threshold to define the scope of the law. The law applies to businesses that have an annual revenue of $25 million or more and meet one of the following conditions:
- Control and process the personal data of at least 100,000 Louisiana residents; or
- Derive 50% of gross revenue from the sale of personal information of at least 25,000 Louisianian residents.
2. Key Provisions
a. Privacy Notices
The law requires covered businesses to maintain clear and transparent privacy notices that are readily available to users. The privacy notice should provide information related to the business's data collection and processing practices, the purpose of processing, the categories of personal data collected and shared, etc.
b. Data Security Measures
Similar to other data privacy laws, Louisiana’s consumer privacy law also provides a standard framework for data security measures. The law requires businesses to adopt and implement enhanced technical, physical, and administrative data security mechanisms to ensure users’ personal data’s confidentiality and integrity and safeguard the data from unauthorized access.
Similarly, businesses are required to conduct data protection assessments of such processing of personal data that pose a heightened risk of harm to individuals.
c. Consumer Rights
The law empowers users with a similar set of privacy rights as provided by other state data privacy regulations. The right to confirm allows individuals to confirm whether the organization collects and processes their personal data. The right to access requires businesses to provide users with access to some of their personal data. Individuals can further request businesses to correct any inaccuracies or incomplete information.
The right to delete allows users to request the deletion of their personal data. Users can further exercise their right to opt out of the processing of personal data for targeted advertising purposes or the sale of personal data.
d. Enforcement
The state Attorney General of Louisiana has the exclusive right to enforce any violations, recover damages from individuals, and impose civil fines of up to $7,500 per violation.
Conclusion
Louisiana’s Consumer Privacy Act plays a significant role in the protection of individual’s personal data and the promotion of their privacy rights. Businesses operating in the state must learn more about the state privacy law and take proactive steps to meet compliance.
