July Data Privacy Law Updates


July Data Privacy Law Updates



July was an incredibly busy month on the privacy front with a host of new data privacy laws coming into effect.  

United States 

  • The New York City Council has approved a bill requiring third-party food delivery services to share customer data with restaurants. Despite privacy concerns, the law is expected to pass Mayoral approval. 

  • Also in New York, a new Biometrics Privacy Law has taken effect, limiting the collection and use of biometric data.  

  • The Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act has been introduced in Senate. The new bill draws on a draft data privacy bill first introduced in 2019. 

  • The Cyber Incident Notification Act was also introduced in Senate. If passed into law, federal agencies would be required to report cybersecurity incidents when identified. 

  • The Uniform Law Commission approved the Uniform Personal Data Protection Act (UPDPA), a privacy law template U.S. states can adopt or use as the foundation for their own legislation.  

  • The Ohio Personal Privacy Act was introduced by the House of Representatives. The law would grant consumers in Ohio greater control over their personal data. 

  • The Colorado Privacy Act officially came into effect on 8 July 2021. 

  • The South Carolina Biometric Data Privacy Act, regulating the use and collection of consumer and employee biometric data, is currently pending approval.  

  • The State of Nevada enacted an amendment to its online privacy law, which will come into effect on 1 October 2021. The amendment targets data brokers and gives consumers the right to opt out of sales and marketing messaging.  

  • Connecticut Governor Ned Lamont approved two new cybersecurity laws, An Act Concerning Data Privacy Breaches and An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses. Both will take effect from 1 October 2021. 


Rest of the World 

  • The government of Alberta, Canada, is seeking public feedback regarding the improvement of the province's Personal Information Protection Act and the Freedom of Information and Protection of Privacy Act. 

  • The Senate of Zimbabwe has passed the Cybersecurity and Data Protection Bill and it is now pending presidential approval. 

  • The Shenzhen Special Economic Zone Data Regulations was passed at the regional level and will come into effect 1 January 2022. 

  • The National People’s Congress of China passed a new Data Security Law (DSL) which goes into effect 1 September 2021.  

  • In the Philippines, a bill to amend the Data Privacy Act of 2012 was approved. Updates include a change to the definition of sensitive information. 

  • South Africa’s Protection of Personal information Act (POPIA) came into full effect on 1 July 2021.  

  • Singapore’s Personal Data Protection Commission (PDPC) has updated its privacy legislation to include mandatory breach notifications and greater penalties for data misuse.  

  • The Brazilian Data Protection Law (LGPD) came into full effect on 1 August 2021. 

  • The African Republic of Cape Verde passed a new law amending its Data Protection Act 2001. 


Take the first step towards a clean compliance slate by introducing sensitive data discovery and data masking to your security framework. Hush-Hush data privacy tools were designed in line with the requirements of data privacy laws such as the GDPR, HIPAA and GLBA.


Start your free trial today.  


BuildNumber = dev_20210906.1