Data collection, storage and use compliance practices are becoming increasingly important to most organizations. In fact, it should be considered a core compliance concern for almost every business and organization operating a website/app or otherwise collecting personal data through any medium. While the FTC Act has originally regulated failing to disclose deceptive practices under Section 5, most states have adopted some form of data disclosure laws. California has led the pack and has even expanded the definition of personal data to include IP addresses.
In Illinois, the Illinois Personal Information Protection Act is one of the most stringent data breach laws in the country. Additionally, the Biometric Information Privacy Act requires businesses to obtain written consent from Illinois consumers prior to collecting any biometric information, such as fingerprints, voiceprints, or scans of hand or face geometry. These existing laws, and more stringent proposed legislation, reflects the general trend and requiring all businesses collecting personal data to prioritize data compliance.
I help numerous businesses that collect and use personal data understand compliance obligations under both Illinois law and under applicable federal data privacy and security laws. Given the global nature of commerce, I also help businesses understand GDPR compliance, for those businesses with enough of a nexus to the EU marketplace.