Consumer Privacy Team

Although the U.S. has yet to enact a federal consumer privacy law, businesses must increasingly contend with a growing patchwork of consumer protection laws enacted by individual states. As more states legislate consumer privacy, businesses face a daunting task to ensure compliance in all applicable jurisdictions, especially where the law does not exempt employee and job applicant data.

California was the first state in the U.S. to enact a comprehensive consumer privacy law. The California Consumer Privacy Act (CCPA), effective January 1, 2020, requires for-profit businesses that do business in the state and meet certain criteria to provide their California consumers, employees, and job applicants with new privacy rights that give them more transparency and control over the personal information that businesses collect about them. The CCPA has been amended numerous times, including by a voter-approved proposition called the Consumer Privacy Rights Act (CPRA).

Next came the Virginia Consumer Data Protection Act (effective January 1, 2023), followed by similar legislation in Connecticut (effective July 1, 2023), Colorado (effective July 1, 2023) and Utah (effective December 31, 2023). Since then, a number of additional states have passed new consumer privacy laws, including Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, and Texas. Several more state bills are now in the works. As each of these laws have important differences in terms of their applicability (including interpretations of the terms “consumer” and “sale”), the personal information they cover, data handling requirements, and potential penalties, among other provisions, it is imperative to have trusted advisors help guide your compliance strategy.

Fisher Phillips’ Consumer Privacy Team helps businesses comply with every aspect of these expansive privacy measures. Our attorneys guide businesses nationwide, providing tailored plans to mitigate the risk of litigation and exposure to costly fines, and to lawfully safeguard sensitive information. The team includes lawyers across the country from Fisher Phillips’ Privacy and Cyber Practice. In addition to state privacy laws, we advise clients on the European General Data Protection Regulation (GDPR) and other international privacy laws and regulations.

How We Can Help

• Determining whether these laws apply to your business
• Advising on all steps necessary for compliance and providing templates
• Preparing or revising online privacy policies and notices to employees and consumers
• Preparing data security policies and incident response plans
• Advising on security-related steps for compliance, including vetting vendors’ security measures
• Preparing, reviewing, and revising related contract amendments
• Advising on responses to consumer requests
• Defending against litigation and/or enforcement actions

We help with all aspects of state privacy laws, including both employee/job applicant data issues and those involving other consumers. Even if you’re familiar with some of these state requirements, you should not assume you are automatically compliant with all of them. We are your resource for all state consumer protection law compliance.

Our Clients Include:

• Auto and RV dealerships
• Professional Employer Organizations (PEOs)
• Staffing agencies
• HR consulting firms
• Banks and financial services institutions
• Law firms
• Gaming establishments
• Restaurant groups (chains, franchises, etc.)
• Hotels and hospitality groups
• Fitness clubs & gyms
• Retailers
• Online/e-commerce businesses
• Healthcare providers and vendors
• Manufacturers
• Distributors & suppliers
• Construction businesses
• Energy & gas businesses
• Transportation businesses
• Property management companies
• Commercial insurance brokers
• Security services companies (physical and digital protection services)
• Telecommunications/Media companies