Manatt Privacy and Data Security Partner Brandon Reilly was quoted in The Cybersecurity Law Report on Oregon’s Consumer Privacy Act, which made Oregon the 11th state to pass a comprehensive consumer privacy law. He commented on the law’s distinctive elements, as well as Delaware’s recent Personal Data Privacy Act, and their implications for companies’ compliance and the potential impact on privacy law enforcement.
In the article, Reilly discussed the growing consensus between state lawmakers on the scope of these privacy laws as well as how Oregon’s law “breaks new ground” requiring companies to name any third party that received consumers’ personal data, noting that it “is one of the most material distinctions from existing consumer privacy laws.” He continued by discussing the potential operational challenges this may pose to companies, especially since the third parties they do business with constantly change. Reilly concluded by commenting that although the various state privacy laws agree on most issues, idiosyncrasies remain, stating, “Variances are always going to lead to heartburn within regulated businesses, where they will have to determine whether a provision makes a material or a mere linguistic difference.”
Subscribers of The Cybersecurity Law Report can read the full article here.