Exterro's E-Discovery & Privacy Breakdown

The world of E-Discovery & Privacy is constantly changing – let us break it down for you with a weekly dose of News, Resources, Case Law, and Humor, all written in a concise and easy to understand format.

< BACK TO ALL STORIES

Washington State Proposed Privacy Law

Created on June 5, 2020


Demand Generation Manager, Exterro

Why This Privacy Law is Important:

If passed, the Washington Privacy Act would enact a comprehensive data protection framework for Washington residents that includes individual rights that mirror and go beyond the rights in the California Consumer Privacy Act (CCPA), as well as a range of other obligations on businesses that do not yet exist in any U.S. privacy law.”

Included in the law is a regulation of facial-recognition technology. The WPA would require affirmative, opt in consent as the default requirement for facial recognition.

Overview/Status of Bill:

It is an updated version of the bill that made significant progress in 2019. After a nearly unanimous vote in the Washington Senate, the 2019 bill failed to pass the House of Representatives.

Need to Know Information:

  • Who it Applies To: Legal entities that conduct business in Washington OR produce products or services targeted to Washington residents. The Act would not apply to state and local governments or municipal corporations.
  • What is Covered: “personal data” in the WPA is defined broadly as “any information that is linked or reasonably linkable to an identified or identifiable natural person” (not including de-identified data or publicly available information “information that is lawfully made available from federal, state, or local government records”), with specific provisions for pseudonymous data.
  • How to Comply: The WPA creates five consumer rights: a right of access, a right to correction, a right to deletion, a right to data portability, and a right to opt out. The WPA would require companies to provide a Privacy Policy to consumers that is “reasonably accessible, clear, and meaningful,”
  • Potential Penalties: The WPA caps civil penalties for controllers and processors in violation of the Act at $7,500 per violation.