🔁  Growing tired of OneTrust? Migrate seamlessly with Ketch Switch.
KetchBlogStrategy

Your 2023 data privacy guide

Privacy compliance is a daunting task, especially when the legal and tech landscape keeps shifting.
Your 2023 data privacy guide
Jonathan Joseph
Head of Solutions
Tags
Strategy
Regulations
Read time
4 min read
Last updated
February 21, 2025
Need an easy-to-use consent management solution?

Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.

Book a 30 min Demo
Example H2
Need an easy-to-use consent management solution?
Book a 30 min Demo
Ketch is simple,
automated and cost effective
Book a 30 min Demo

Privacy compliance is a daunting task, especially when the legal and tech landscape keeps shifting. 2023 is shaping up to be a critical year for data privacy preparations. Do you have a strategy to ensure your privacy program meets regulatory and technical expectations?

The privacy landscape increases in complexity every day. From new regulations, to expanding systems and datasets, to stakeholders involved in privacy-related decisions: creating a comprehensive privacy program is a significant challenge for every business. Here are the key things to keep an eye on and work through in 2023.

This content is summarized from a recorded webinar led by privacy and legal experts from Kelley Drye and Ketch on Wednesday, January 26th.

California: the moving target you can't ignore

Many of our clients have been hard at work prepping for CCPA, and more recently CPRA regulations. If you do business in the state of California, your data is affected. (Need to learn more about these laws, and the distinctions between CCPA and CPRA? Check out our guide.)

The effective date of CPRA is January 1, 2023. Many are asking for when initial CPRA rules will be published, and we haven't seen an answer on this yet.

The latest California news is announcement of the creation of the California Privacy Protection Agency (CPPA), a five-member board for state-level compliance in California. They have not yet officially taken over rule-making authority yet, but their timeline for events is ambitious. Where the board will go remains to be seen, but keep an eye on the CCPA website for latest updates.

While we wait to see what new information comes out, there are a few key things you can do in the meantime to shore up your enterprise outlook:

  • Sign up for CPPA press release schedule. Typically released on Fridays, this is a great way to stay in the loop on latest California updates.
  • Is your data discovery process automated or manual? If you're still using spreadsheets, email, and surveys for data discovery and mapping—start thinking about a transition to a more dynamic, always-on tool.
  • Is your data discovery tool connected to your privacy software? We're seeing data discovery as essential to driving efficiency in setting up new laws to be compliant.

Notable updates from additional U.S. states

  • Colorado has passed a privacy law, with an effective date of July 2023. We're watching to see the substantive areas where the CO Attorney General, Philip J. Weiser, will focus in on. We're especially interested in what they plan to mandate regarding universal opt-outs, indicated to be an area of interest so far. General Weiser does seem to have a sophisticated understanding of privacy and the associated technical complexity, and we're excited to watch how Colorado's legislation progresses as a principled example for other U.S. states.
  • Virginia is a state in transition, with a recent leadership transition including a new Attorney General.
  • What else? We're hearing an additional 5-6 states may pass legislation, but nothing concrete enough to focus on just yet. The important thing to accept is that more legislation is coming, and it's critical to build a privacy program that can flex and scale to accommodate more rulings. This is why data mapping and hygiene is so important.

FTC developments

  • Federal rule-making at the FTC is going to take a very long time. There are a number of steps that can't be bypassed, such as notice to Congress; and if the FTC attempted to short-circuit any steps, it would risk the process.
  • How should you manage FTC-related risks? Stay focused on fundamentals. Key among them is keeping your arms around your privacy representations. Are you keeping your privacy promises? And make sure you're keeping an eye on specific sectors that apply to you, like telemarketing or children's privacy (COPPA).

Getting to work: how to get started in 2023

Privacy leaders must become champions and allies for privacy across the business. From alignment with your CISO or security leader, to collaboration on how privacy impacts the brand and marketing strategy, privacy is pervasive. It's gone from an internal compliance requirement to a board-level discussion for most organizations.

Jonathan Joseph

Head of Solutions

Jonathan leads Solutions at Ketch. He's focused on ethical data use, serving on The Ethical Tech Project's board. He co-hosts the video series Privacy Huddle, and his work appears in The Hill.
Tags
Strategy
Regulations
Read time
4 min read
Published
January 4, 2023

Continue reading

Product, Privacy tech, Top articles

Advertising on Google? You must use a Google certified CMP

Sam Alexander
3 min read
Marketing, Privacy tech

3 major privacy challenges for retail & ecommerce brands

Colleen Barry
7 min read
Marketing, Privacy tech, Strategy

Navigating a cookieless future with Google Privacy Sandbox

Colleen Barry
7 min read
Get started
with Ketch
Begin your journey to simplified privacy operations and granular data control across the enterprise.
Book a Demo
Ketch was named top consent management platform on G2