For consumers to reap the benefits of data-driven innovation, it is important that they can trust that their personal information is being protected. There is clearly a need for a unified national data privacy framework; but, to date, the U.S. Congress has not yet acted. Meanwhile, states are not waiting on the federal government. Over half of state legislatures introduced or considered data privacy laws in 2019, and that number is likely to increase in 2020.

Recognizing this reality, Mapping a Privacy Path: Liability and Enforcement Recommendations for States offers state legislators a guide to limit unintended consequences of state privacy and security laws by preventing unnecessary litigation. Among the guidance for state legislators included in the research are suggestions to:

  • preclude private rights of action;
  • include notice and cure period;
  • offer safe harbors;
  • include damage and civil penalty caps;
  • define enforcement actors;
  • limit attorneys’ fees; and
  • curtail municipality litigation.