Show Notes

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

Georgia On My Mind 

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 4, 2022. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This time of year, sports fans have shifted from football to basketball and soon to baseball. However, another season starts in January each year – the legislative season when about half of the state legislatures are in session to take up the People’s business. A proposed Georgia privacy law could lead to the most aggressive privacy legislation in the country. 

This season, some 25 states will consider comprehensive privacy laws, most of which will not pass. Some proposed state privacy laws are relatively weak, and most are middle of the road. However, the recently introduced Georgia bill stands out for its aggressive nature and for being the state that may adopt it. In honor of what could be the Nation’s most pro-consumer privacy law from the most unlikely of places, we’re calling this week’s episode: Georgia On My Mind

Most Aggressive State Privacy Laws 

Currently, California holds the title to the Nation’s most pro-consumer privacy law. The California Consumer Privacy Act (CCPA) has less than a year to live before it’s replaced by an even more aggressive privacy law approved by California voters known as the California Privacy Rights Act (CPRA). Modeled in part after the European Union’s General Data Protection Regulation (GDPR), these laws give individuals access to information about them and some control over how their personal information is used, by whom, and for what purpose.  

Proposed Georgia Privacy Law 

Now, here comes a bill filed in the Georgia Senate by the Senate leadership that would be the strictest privacy law in the country if adopted in its current form. The key provisions that put the Georgia privacy law ahead of California’s privacy laws include: 

Consumers must give permission for their personal information to be collected before a company can do so. That can be a real problem for website owners. 

Consumers must opt-in to the sale of their personal information. The California, Virginia and Colorado state privacy laws only give consumers the right to opt-out of data sales. 

The proposed Georgia privacy law goes beyond other state privacy laws that allow consumers to request data to be deleted by creating a “Right to Be Forgotten” similar to the EU’s GDPR. In other words, deleting information in a database is not enough. Organizations would have to remove any public posting of consumer information, including links on search engines, websites and social media posts. 

The most controversial provision may turn out to be the enforcement mechanism. California’s laws allow individuals to sue only in the event of a data breach and only then if certain data is involved. The Georgia privacy law, if enacted, would create a blanket private right of action for violating any provision of the law. Individuals could recover actual damages and statutory damages of $2,500 per violation or $7,500 per violation if the action was intentional. 

Other Provisions in the Proposed Georgia Privacy Law 

The Private Right of Action is one of the two primary stumbling blocks to Congress passing a comprehensive federal privacy law. 

There’s a lot in and about the Georgia privacy law proposal that is surprising. Georgia is home to some of the largest data-centric businesses in the world that would be directly and significantly impacted by this proposed law. Also, a very progressive privacy law is being championed by some of the most conservative lawmakers in the country.  

Only time will tell if this proposal makes it out of the Georgia Senate and House, then signed into law by the governor. If so, how will the final version of the Georgia privacy law compare to the one that exists today? One thing is certain – if it doesn’t pass this legislative season, like any Washington Nationals baseball fan can tell you, there’s always next year. 

Contact the ITRC 

If you want to learn more about protecting your personal or business information, or if you think you have been the victim of an identity crime or compromise, visit our new website at our old web address www.idtheftcenter.org. You can speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST).  

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. ITRC CEO Eva Velasquez and cryptocurrency expert Seth Sattler talk about the identity risks and rewards of digital currency. 

Thanks again to Experian for supporting the ITRC and this podcast. We’ll be back next week with a new episode of the Weekly Breach Breakdown