Minnesota and New Hampshire Join Bipartisan Consortium as Privacy Collaboration Continues Growing Nationwide

News:

SACRAMENTO – Two more states, Minnesota and New Hampshire, have joined the Consortium of Privacy Regulators, a bipartisan effort announced in April to implement and enforce state privacy laws across the country. The states are collaborating on the implementation and enforcement of their privacy laws with the shared goal of protecting consumers across jurisdictions. With the addition of Minnesota and New Hampshire, ten different privacy regulators have now joined this nationwide effort.

This expansion follows Minnesota's enactment of the state's Consumer Data Privacy Act and New Hampshire's Data Privacy Act. Both states enacted these laws last year. Similar to the privacy rights in California and many other states, these laws grant consumers certain rights over how businesses use consumers' personal data, including rights to delete, correct, and opt out. Last year, New Hampshire Attorney General John M. Formella created a new Data Privacy Unit to enforce compliance, and Minnesota Attorney General Keith Ellison is staffing up his office's Consumer Protection Division with additional attorneys and an investigator to enforce Minnesota's new data privacy law.

“We look forward to collaborating with Minnesota, New Hampshire, and states nationwide as we continue growing our collective privacy enforcement apparatus,” said Michael Macko, head of enforcement at the California Privacy Protection Agency. “We're entering a new era of enforcement as state privacy laws continue to harmonize and expand. Our team stands ready to coordinate in ways that protect Californians, promote innovation, and advance our shared goals.”

“Collaboration with states across the country makes it easier for us to protect Californians,” said Tom Kemp, the Agency's Executive Director. “Privacy matters to people, and we're committed to working together to protect these important rights.”

The participating regulators established the Consortium of Privacy Regulators to share expertise and resources, as well as coordinate efforts to investigate potential violations of applicable laws. Although each state has its own law, they share fundamental features to protect privacy with rights to access, delete, and stop the sale of personal information, and similar obligations on businesses. These similarities pave the way for like–minded applications across jurisdictions and give the Consortium the ability to work together on a common goal of promoting the privacy rights of consumers. Commonalities in the laws make this collaboration possible.

The Consortium holds regular meetings and coordinates enforcement, as appropriate, based on the members' common interests. With today's addition, members now include the California Privacy Protection Agency and state Attorneys General from California, Colorado, Connecticut, Delaware, Indiana, New Hampshire, New Jersey, Minnesota, and Oregon.

The CPPA's Recent Enforcement Actions to Protect Californians

The CPPA continues to actively enforce California's cutting–edge privacy laws. Recent actions include:

  • Issuing a decision requiring Tractor Supply Company, the nation's largest rural lifestyle retailer, to change its business practices and pay a $1,350,000 fine for CCPA violations.
  • Issuing a decision requiring clothing retailer Todd Snyder to change its business practices and pay a $345,178 fine for CCPA violations.
  • Issuing a decision requiring American Honda Motor Co. to change its business practices and pay a $632,500 fine for CCPA violations.
  • Securing a settlement agreement requiring data broker Background Alert – which promoted its ability to dig up “scary” amounts of information about people – to shut down or pay a steep fine.
  • Partnering with the data protection authorities in Korea, France, and the United Kingdom to share information and advance privacy protections for Californians.

In addition, the Agency has secured more than half a dozen successful enforcement actions against unregistered data brokers following an investigative sweep launched late last year to assess compliance with the Delete Act.

 

ABOUT US

The California Privacy Protection Agency (CPPA) is committed to promoting the education and awareness of consumers' privacy rights and businesses' responsibilities under the California Consumer Privacy Act.

Individuals can visit privacy.ca.gov to access helpful and up–to–date information on how to exercise their rights and protect their personal information. In addition, the Agency's website provides important information about CPPA board meetings, announcements, and the rulemaking process.