United States of America: Passed Data Privacy and Protection Act (LD 1977/HP 1270) including data protection regulation

On 26 March 2024, the Data Privacy and Protection Act (LD 1977/HP 1270) was passed. The Act prohibits a covered entity from collecting, processing or transferring data unless the collection, processing or transfer is limited to what is reasonably necessary and proportionate to provide or maintain a specific product or service requested by the individual to whom the data pertains. Entities would also be required to make a privacy policy that provides a detailed and accurate representation of the entity's data collection, processing, and transfer activities publicly available. The Act also outlines mandatory security practices for covered entities and outlines the requirements and standards of covered data and sensitive data.