Greetings from Portsmouth, New Hampshire!

As you can see above, I've wandered back into office life here at IAPP headquarters making my way in on a more regular basis the last few months in an effort to finally abandon the rabbit cage I call a one-bedroom remote office. The ability to collaborate with my colleagues face to face again has been invaluable to my work.

Speaking of work, there's been a steady stream of privacy news throughout the summer that doesn't appear to be drying up anytime soon as we hit the fall. The IAPP editorial team has been up to its eyeballs with a host of happenings on a near weekly basis.

As an avid state privacy law tracker, I'll throw out a couple notable updates my colleagues and I have seen and heard around existing and proposed legislation.

  • We reported in Daily Dashboard that Oklahoma lawmakers filed the Oklahoma Computer Data Privacy Act of 2022 ahead of next year's legislative session. State Reps. Collin Walke, D-Okla., and Josh West, R-Okla., had their 2021 bill stopped cold in a Senate committee last session after the bill overwhelmingly passed the Oklahoma House. Walke told me the stonewalled bill and the recently filed bill will both be up for consideration in 2022, essentially leaving lawmakers a choice of preferred path to consumer protection. The 2022 proposal has points of contention, but I was intrigued by its provisions on dark patterns and data minimization on information used for identity verification.
  • The Virginia General Assembly's Joint Commission of Technology Consumer Data Protection Work Group is closing in on its reporting deadline for recommendations on implementing the Virginia Consumer Data Protection Act. Created under a provision of Virginia's law, the group has been tasked with suggesting improvements to the legislation along with best practices for implementation by Nov. 1. The latest meeting held this week brought considerations for altering the definition of sensitive data under the law. The group's August meeting featured recommendations from the office of Gov. Ralph Northam, D-Va., for the law to increase children's data protection and include a universal opt-out mechanism. Only the final report will show what was worthy of thoughtful consideration, so stay tuned here.

For a look back on 2021 state privacy law proposals, I recommend diving into IAPP Westin Research Fellow Sarah Rippy's recently published overview of where we've been and where we might be headed. Her analysis speaks to how common threads between bills may prove important to keep track moving forward.

Be well, friends.