US Privacy Laws
Comply with US Privacy Laws
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020, with an enforceability date of July 1, 2020, marked the first comprehensive US state privacy law. A flurry of privacy-related legislation at both the federal and state levels followed. Although many of these bills failed to become law, several states have now managed to pass comprehensive privacy legislation. Moreover, a federal bill known as the American Data Privacy and Protection Act (ADPPA) is making its way through Congress. The bill is significant as it marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, the ADPPA would preempt the majority of state and local laws, rendering any similar provisions therein invalid.
With numerous states now enacting privacy legislation, and with a federal bill in the works, privacy compliance in the US has become a complex issue for companies to navigate.
At OneTrust DataGuidance, our team of in-house Privacy Analysts works with an external network of contributors to provide you with daily updates and in-depth insight articles, so you can stay on top of all relevant developments in the US.
Our State Law Tracker enables you to easily track privacy-related bills in different US states to determine which laws might affect your operations. Additionally, our Sectoral Privacy Overview Comparison provides you with detailed information on the existing privacy frameworks in multiple states.
Entry into Effect Dates
Videos and Webinars
- California Privacy Rights Act: Reaction & Analysis
- A US Federal Privacy Bill is On the Horizon: Get to Know
- Understanding the New CPRA Draft Regulations & The ADPPA
- GDPR v CCPA & CPRA
- US Privacy Update: Recent Developments in Privacy Legislation
- Threat and Breach Response
- NIST Privacy Framework
- HIPAA Compliance and Cybersecurity Challenges
On May 20, 2024, the Colorado legislature announced that Senate Bill 24-205, a bill for an act concerning consumer protections in interactions with artificial intelligence systems (the Act), was signed by the Colorado Governor on
On May 17, 2024, the Governor of Virginia approved Senate Bill 361 for protections for children (the Act). The Act will now take effect on January 1, 2025.
On May 17, 2024, the Governor of Virginia approved House Bill 707 to amend the Virginia Consumer Data Protection Act (CDPA) in relation to protection for children (the Act). The Act will now take effect on January 1, 2025.
On May 15, 2024, the Bipartisan Senate AI Working Group published a roadmap entitled 'Driving U.S.
On May 9, 2024, the Arkansas Attorney General (AG) announced that Arkansas would receive $104,246.46 as part of a $10.25 million, 50-jurisdiction settlement with AT&T Mobility LLC, Cricket Wireless LLC (part of AT&T Inc.), T-Mobile USA, Inc., TracFone Wireless, Inc., and Cellco Partnership, d/b/a Verizon Wireless (collectively referred t
On May 14, 2024, Senate Bill 24-041 on Privacy Protections for Children's Online Data was signed by the Speaker of the Colorado House of Representatives and the President of the Colorado State Senate.
On May 13, 2024, Senate Bill 24-205, a bill for an act concerning consumer protections in interactions with artificial intelligence systems, was signed by the Speaker of the House and the President of the Senate.
On May 9, 2024, Assembly Bill 2877 on the California Consumer Privacy Act of 2018: artificial intelligence: training was read for a second time and ordered to third reading.
On May 5, 2024, Senate Bill 24-129 for an act concerning protecting the privacy of persons associated with non-profit entities, and, in connection therewith, prohibiting public agencies from taking certain actions relating to the colle
On May 8, 2024, Assembly Bill 2877 on the California Consumer Privacy Act of 2018: artificial intelligence: training was recommended for passage by the Committee on Appropriations.
On May 8, 2024, Senate Bill 24-205, a bill for an act concerning consumer protections in interactions with artificial intelligence systems, passed its third reading in the House of Representatives and was concurred by the Colorado
Kentucky's Governor Andy Beshear signed the Act Relating to Consumer Data Privacy as an addition to Kentucky's Consumer Protection Act (under Chapter 367 of the Kentucky Revised Statutes) on April 4, 2024. Kentucky's new privacy law is the 16th state consumer privacy law enacted in the US and the third in 2024.
In part one of this Insight article, Julia Jacobson, Alexandra Kiosse, and Alan Friel, from Squire Patton Boggs, answered common questions such as the scope of protection, effective dates, and applicability, about the three new
In its 2024 legislative session, Maryland's General Assembly passed two significant data privacy laws: the Maryland Online Data Protection Act of 2024 (MODPA) and the
Three states - Kentucky, Maryland, and Nebraska - welcomed Spring 2024 by passing comprehensive consumer privacy laws, joining the laws in New Hampshire and New Jersey enacted earlier this year.
Children's online privacy has become a top priority in the United States at both the federal and state levels.
In this Insight article, Michelle Schaap, Partner at CSG Law, will discuss some (not all) notable distinctions between the failed American Data Privacy and Protection Act (ADPPA) and the draft American Privacy Rights Act (APRA).
New tools for employers to increase productivity and efficiency continue to evolve as artificial intelligence (AI) and automated decision-making become more sophisticated and prevalent. These tools are particularly common in the hiring arena, where employers can use technology to screen, track, and even communicate with applicants.
In this Insight article, Alan Friel and Kyle Dull, from Squire Patton Boggs, delve into the complexities of direct marketing regulations in the US, exploring the intricacies of federal and state laws, industry standards, and best practices to navigate the maze of compliance and foster consumer trust.
The Virginia General Assembly passed - on a bipartisan vote - legislation to amend the Commonwealth's Consumer Data Protection Act (CDPA) and add specific privacy provisions for the personal data of children. Beth Burgin Waller, Patrick J.
In this Insight article, Maureen Fulton and Mikaela Witherspoon, from Koley Jessen P.C., L.L.O., delve into Nebraska's recently passed Data Privacy Act (NDPA), exploring its key provisions and similarities with the Texas Data Privacy and Security Act (TDPSA).
The Utah Consumer Privacy Act (UCPA), which entered into force on December 31, 2023, functions as comprehensive privacy legislation in Utah. However, the Utah State legislature has been active in both amending state privacy legislation and providing for new additions.
On April 7, 2024, U.S. Representative Cathy Rodgers and U.S. Senator Maria Cantwell introduced the American Privacy Rights Act 2024 (the Bill), aimed at establishing robust national data privacy standards with a focus on consumer control over personal information. In this Insight Q&A article, Billee Elliott McAuliffe and Jacquelyn H.
Comparing State Privacy Laws
Comparing US State Privacy Laws
Our US State Privacy Law Comparison allows you to compare and contrast requirements across each of the comprehensive privacy laws passed by states, making it easier to streamline compliance efforts and keep pace with the evolving landscape in the US. The Chart can be used alongside our US State Tracker, which allows you to monitor privacy-related bills during the legislative sessions, and our Sectoral Overview, which provides further information on sector-specific laws in each US state.
- There is a requirement in place.
- There is no requirement in place.
(US) Definitions
(US) Legal Bases
(US) Individuals' Rights
(US) Penalties and Enforcement
Sectoral Privacy Overview
USA Sectoral Privacy Overview
- There is a law/restriction/exemption in place.
- There is no law/requirement/exemption in place.
This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.
- Constitution
- Key Privacy Laws
- Health data
- Financial data
- Employment data
- Online privacy
- Unsolicited Commercial Communications
- Privacy Policies
- Data Security
- Other
- Alabama
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia (US)
- Hawaii
- Indiana
- Iowa
- Kansas
- Louisiana
- Maine
- Maryland
- Michigan
- Minnesota
- Mississippi
- Nebraska
- New Hampshire
- New Jersey
- New Mexico
- New York
- Oklahoma
- Oregon
- Pennsylvania
- Rhode Island
- South Carolina
- Tennessee
- Texas
- Utah
- Vermont
- Washington
- West Virginia
- Wisconsin