Marking Data Privacy Week With Four 2024 Predictions

January 31, 2024
Privacy, Cyber & AI Decoded

Data Privacy Week is always ongoing! Here are some of Hinshaw's top data privacy law predictions for 2024.

1. New State Data Laws Will Continue to be Adopted in 2024, Varying in Scope and Enforcement Mechanisms

There will be an increase of state privacy laws that are focused on not just new comprehensive consumer privacy protections but focused on consumer protections for the processing of certain types of data such as biometrics, health care data and genetic data, or certain types of data use such as in AI, by data brokers or targeted ads to children.

These patchwork quilt of laws will have varying enforcement mechanisms from Attorney General/consumer protection agency enforcement to a private right of action. We do not foresee any comprehensive federal privacy law being enacted in the near future because of the ongoing dispute regarding whether the federal law will preempt the various state laws, and as many states have significantly increased their enforcement staff over the last few years. We also see class action lawsuits growing with new private right-of-action statutes.

2. Increased Regulatory Enforcement of Cybersecurity Requirements for Financial Information

In 2023, the New York State Department of Financial Services (NYDFS) promulgated its revised cybersecurity regulations, and the Federal Trade Commission (FTC) updated its requirements to its Safeguards Rule. In addition, California already has a requirement to have reasonable security for consumer financial data and a private right of action in the event of certain breach circumstances. We expect enforcement of these laws to grow in 2024, given financial data breaches continue to rise. New York's Attorney General Letitia James already proved this prediction to be true this month.   

3. Increased Fair Credit Reporting Act Claims

We are seeing an explosion of consumer Fair Credit Reporting Act Claims. These lawsuits are being filed against credit reporting agencies (CRAs) and data providers. The Consumer Financial Protection Bureau (CFPB) has asserted that the duty to investigate a dispute applies not only to factual disputes but also to disputes that are legal in nature. We expect this trend in legal filings to continue in 2024. 

4. Increased Regulatory Scrutiny on Artificial Intelligence (AI) Personal Data Compliance

We could not have a prediction this year without mentioning AI, which is top of mind for most business leaders and legal counsel alike. As FTC Chairperson Khan stated last week, "There is no exemption for AI" from existing laws. Organizations that develop or use a vendor's AI in what is considered high-risk areas of conditions of employment (including preconditions of employment), insurance, mortgages, health care, education, loans, and related advertising issues should be on a fast-forward road to AI Personal Data compliance." We expect to see continued AI enforcement actions this year from all regulators.