Exterro's E-Discovery & Privacy Breakdown

The world of E-Discovery & Privacy is constantly changing – let us break it down for you with a weekly dose of News, Resources, Case Law, and Humor, all written in a concise and easy to understand format.


3 Privacy Trends from 2021 to Watch in 2022

Created on January 21, 2022

E-Discovery Market Analyst at Exterro

Today, legal departments and their leaders have more and wider-reaching concerns than at any time in the past. Not only must they understand their organization’s litigation landscape, but they must also be prepared to deal with security risks and incidents, compliance with multiple layers of privacy regulations, and provide strategic advice to business leadership.

Doing so requires staying ahead of trends shaping e-discovery, privacy, and digital forensics, formerly disparate fields that are converging in the discipline of Legal Governance, Risk, and Compliance (Legal GRC). High-level lessons apply to all of these fields, concepts like:

  • The importance of implementing and following sound, defensible processes
  • The evolving regulations that are changing our understanding of data rights and privacy
  • The critical role of legal technology in maintaining compliance and defensibility

However, they manifest in unique ways in the world of data privacy. The march of increasing privacy regulation continued—and perhaps even accelerated—across the United States in 2021. We compiled these trends from the top five Data Privacy Alerts from 2021 in Exterro’s library. First, we’ll cover the five most popular alerts, then will dig into the high-level trends they highlight.

5 Top Data Privacy Alerts from 2021

Virginia Passes Consumer Data Protection Act

On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. Virginia is the second state to enact a comprehensive state privacy law, following California, although Virginia’s legislature passed the law on its own, while California’s legislature acted in response to a popular referendum.

Colorado Passes Colorado Privacy Act

On June 8, 2021, the Colorado legislature officially passed the Colorado Privacy Act, establishing consumer rights for residents of Colorado. The CPA will go into effect on July 1, 2023, granting Coloradans the right to opt out, access, correct, delete, and obtain their data from organizations doing business in Colorado.

The First Comprehensive Data Privacy Bill of 2021

The Information Transparency and Personal Data Control Act became the first piece of comprehensive privacy legislation introduced in the 117th U.S. Congress. The proposed federal bill would create protections for the processing of sensitive personal information. For the collection, processing and sharing of non-sensitive information, meanwhile, companies would

be required to allow consumers to opt out at any time.

Ohio Introduces Data Privacy Legislation

On July 13, 2021, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act (OPPA), a comprehensive privacy framework following in the footsteps of recent legislative enactments in California, Virginia, and Colorado. The Ohio Privacy Act differs from other states in that businesses can utilize an affirmative defense from an enforcement action or a lawsuit filed by a consumer if the business complies with a written privacy program that reasonably conforms to the National Institute of Standards and Technology privacy framework.

Massachusetts Information Privacy Act

The Massachusetts Information Privacy Act, Bill S.46 (MIPA) combines the best practices from other states and jurisdictions like California, Illinois, and the European Union to protect people’s privacy, safety, and financial security in the digital world. When passed, this bill could revolutionize data-privacy legislation in the United States.

3 Key Data Privacy Trends to Watch in 2022

Trend #1: The states continue to lead, but perhaps the federal government is ready to act?

In total, 17 states enacted privacy legislation during the year, but The Information Transparency and Personal Data Control Act, introduced in Congress by Rep. Suzan DelBene (D-WA) may be the most important if it’s a signal that the federal government is finally ready to wade into the waters of data privacy legislation.

Individuals’ expectations for privacy rights are justifiably increasing.

The federal privacy bill contained in this collection notably falls short of offering individuals the right to access, correct, or delete their data. But data privacy alerts for state legislation passed in Virginia, Colorado, Ohio, and Massachusetts demonstrates that the states continue to lead the push for individual privacy rights in the US.

Complying with the patchwork of privacy regulations demands technology support.

These state laws differ in enforcement mechanisms, which rights they confer on individuals, and what responsibilities data holders have, but they all remind businesses that they must comply with increasing data privacy regulations. In light of this patchwork of privacy regulations, companies will need to turn to technology to manage their data retention and deletion responsibilities.

Want to learn more about what happened in the world of Legal GRC in 2021? Download the Exterro whitepaper 2021: Legal Governance, Risk, and Compliance Year in Review.