While it is impossible for a business to become an expert in all the laws related to data privacy and security, it is our hope that this Guide will at least provide a basic understanding of the wide variety of laws and how those laws may impact your business. This Guide was prepared for Minnesota-based businesses. Data, however, crosses state and national borders, and thanks to the Internet, most businesses have now become global. It is no longer safe to just consider Minnesota and U.S. laws and federal regulations when it comes to data privacy and security. For this reason, we have included some basic information on data privacy laws outside of the United States.

The USA had long been deemed a country without adequate data security safeguards by the EU governmental authorities. As a result, a business in the USA could not transfer personal data of a European resident to a server in the USA without a proper legal mechanism. In 2023 the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, allowing for the transfer of personal data to the USA. European and U.S. organizations now have a new framework for data transfers across the Atlantic. This relatively new Data Privacy Framework is discussed in the Guide. The Standard Contractual Clauses and Binding Corporate Rules, which are also discussed in this Guide, remain valid and appropriate legal mechanisms for data transfer.

Businesses should perform data mapping to find out what personal information they collect and for what purposes, revise their website privacy policies, implement data security safeguards, review vendor agreements, create new procedures to respond to consumer requests for access to, correction of, or deletion of data, purchase cybersecurity insurance, and take other actions necessary to comply with the CCPA/CPRA and other state data privacy laws as well as the GDPR if personal data of EU residents is collected.