On March 15, 2023, the Iowa House of Representatives unanimously voted to approve Senate File 262 ("SF 262"), which would make Iowa the sixth State to adopt a comprehensive state privacy law. SF 262 will now be given to the Iowa governor for approval. Assuming the governor signs the bill, SF 262 will take effect January 1, 2025.
At a high level, SF 262 shares many similarities with other comprehensive state privacy laws, such as Virginia, Utah, Colorado and Connecticut. SF 262 governs the processing of personal data and applies to controllers and processors who "conduct business in" Iowa or those which "produce products or services that are targeted to residents." Businesses are covered by the law if they meet one of the following thresholds: (i) control or process personal data of at least 100,000 Iowa residents, or (ii) derive more than 50% of its revenue from the sale of personal data of at least 25,000 Iowa residents.
However, SF 262 is far less protective than other comprehensive state privacy laws. Although SF 262 provides consumers with the right to access, delete, and obtain a portable version of their personal data collected, there is no right of correction. Opt-out rights are also more limited. Covered entities have 90 days to respond to data subject access requests, which is longer than the typical 45-day response period required under other state privacy laws. Further, SF 262 has an opt-out standard for processing of sensitive personal data, rather than the affirmative consent standard required under other state privacy laws.
Also absent from the bill are any requirements to conduct risk assessments or maintain data minimization practices.
This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.