US Privacy Laws
Comply with US Privacy Laws
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020 with an enforceability date of July 1, 2020, marked the first comprehensive US state privacy law. Following this, a flurry of privacy-related legislation at both the federal and state level followed. Although many of these bills failed to become law, several states have now managed to pass comprehensive privacy legislation. Moreover, a federal bill known as the American Data Privacy and Protection Act (ADPPA) is making its way through Congress. The bill is significant as it marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, the ADPPA would preempt the majority of state and local laws, rendering any similar provisions therein invalid.
With numerous states now enacting privacy legislation, and with a federal bill in the works, privacy compliance in the US has become a complex issue for companies to navigate.
At OneTrust DataGuidance, our team of in-house Privacy Analysts works with an external network of contributors to provide you with daily updates and in-depth insight articles, so you can stay on top of all relevant developments in the US.
Our State Law Tracker enables you to easily track privacy-related bills in different US states to determine which laws might affect your operations. Additionally, our Sectoral Privacy Overview Comparison provides you with detailed information on the existing privacy frameworks in multiple states.
Entry into Effect Dates
State | Law | Effective Date |
---|---|---|
California | California Consumer Privacy Act of 2018 (CCPA) | In effect |
Virginia | Consumer Data Protection Act (CDPA) | In effect |
California | California Privacy Rights Act of 2020 (CPRA) | In effect |
Colorado | Colorado Privacy Act (CPA) | July 1, 2023 |
Connecticut | Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA) | July 1, 2023 |
Utah | Consumer Privacy Act (UCPA) | December 31, 2023 |
Florida | Florida Digital Bill of Rights (FDBR) | July 1, 2024 |
Oregon | Oregon Consumer Privacy Act (OCPA) | July 1, 2024 (Sections 1-9 for non-charitable organizations) |
Montana | Consumer Data Privacy Act (MCDPA) | October 1, 2024 |
Iowa | Iowa Consumer Data Protection Act (ICDPA) | January 1, 2025 |
Texas | Texas Data Privacy and Security Act (TDPSA) | January 1, 2025 |
Delaware | Delaware Personal Data Privacy Act (DPDPA) | January 1, 2025 |
Tennessee | Tennessee Information Protection Act (TIPA) | July 1, 2025 |
Indiana | Consumer Data Protection Act (ICDPA) | January 1, 2026 |
Videos and Webinars
- California Privacy Rights Act: Reaction & Analysis
- A US Federal Privacy Bill is On the Horizon: Get to Know
- Understanding the New CPRA Draft Regulations & The ADPPA
- GDPR v CCPA & CPRA
- US Privacy Update: Recent Developments in Privacy Legislation
- Threat and Breach Response
- NIST Privacy Framework
- HIPAA Compliance and Cybersecurity Challenges
On September 21, 2023, Senate Bill No. 582 relating to healthcare was enrolled and presented to the California Governor for action.
On September 21, 2023, Assembly Bill 1194 for An act to amend Sections 1798.99.31, 1798.145, and 1798.185 of the Civil Code, relating to privacy was enrolled and sent to the California Governor for action.
On September 21, 2023, Assembly Bill 352 on Health information was enrolled and sent to the California Governor for action. The bill outlines requirements for relevant entities which include providers of healthcare or pharmaceutical
On September 20, 2023, the Securities and Exchange Commission (SEC) announced the approval of the finalized rule providing for amendments to the Privacy Act of 1974.
On September 21, 2023, the Department of Science, Innovation and Technology (DSIT) published the Data Protection (Adequacy) (United States of America) Regulations 2023 for the UK Extension to the EU-US Data Privacy Framework (the Regulations). In particular, the Regulations provide that for the purposes of Part 2 of the Data Protection Act 2018
On September 18, 2023, U.S. Representative Anna G. Eshoo announced that, along with fellow U.S. Representative Jan Schakowsky, the introduction of bill HR5534 to prohibit targeted advertising by advertisers and advertising facilitators, and for other purposes, also known as the Banning Surveillance Advertising Act of 2023.
On September 19, 2023, U.S. Senator Ron Wyden announced that he, along with Senator Cory Booker, had introduced Senate Bill 2833 to prohibit targeted advertising by advertisers and advertising facilitators, also known as the Banning Surveillance Advertising Act of 2023.
Scope
On September 18, 2023, the California State Assembly concurred with the amendments introduced by the California State Senate to Senate Bill 296 on in-vehicle cameras, which was thereafter enrolled and presented to the Governor.
On September 18, 2023, the U.S. State District Court for the Northern District of California San Jose Division granted a preliminary injunction to NetChoice LLC on the basis that provisions of the California Age-Appropriate Design Code Act likely violate the First Amendment of the United States Constitution.
On September 11, 2023, the Federal Trade Commission (FTC) announced that it had filed a proposed order against Instant Checkmate, LLC, TruthFinder, LLC, the Control Group Media Company LLC, Interlicare Direct LLC, and PubRec LLC, (collectively, the defendants) for violation of the Federal Trade Commission Act (FTC Act) and Fair Credit Reporting
The California Privacy Protection Agency (CPPA) published on LinkedIn, on September 18, 2023, a statement from the CPPA's Executive Director, Ashkan Soltani, concerning the District Court of Appeal's decision in the case CPPA v CalCha
On September 14, 2023, the California State Senate concurred with the amendments introduced by the California State Assembly to Assembly Bill 352 on Health information, which was thereafter ordered for engrossing and enrolling.
The Delaware Personal Data Privacy Act was introduced, on May 12, 2023, to the Delaware House of Representatives. Since then, the Act has passed both the House of Representatives and the Senate and was signed by the Governor of Delaware, John Carney, on September 11, 2023.
The California Privacy Protection Agency (CPPA) has released suggested draft regulations for discussion by the CPPA board before its scheduled meeting on September 8, 2023.
Artificial intelligence (AI) has become a transformative force across every industry, revolutionizing the way businesses operate and impacting employment practices worldwide. In the US, the rapid advancement of AI has led to significant changes in the job market, with both positive and negative effects on employment.
The Florida Digital Bill of Rights (FDBR) was introduced to the Florida State Senate on March 3, 2023. After passing both Houses of the Florida State Congress, the FDBR was signed by the Governor on June 6, 2023.
The FDBR will enter into effect on July 1, 2024.
Texas enacted the Texas Data Privacy and Security Act (TDPSA) on June 18, 2023, and compliance is required starting from July 1, 2024. Businesses experienced with other comprehensive state consumer privacy laws will find most aspects of the TDPSA to be familiar.
In this Insight article, Mark Francis and Sophie Kletzien, from Holland & Knight LLP, delve into New York City's pioneering regulations, making it the first US jurisdiction to govern artificial intelligence's (AI) role in employment decisions.
Given the increasing number of data privacy laws in the US, entering into appropriate data processing agreements (DPAs) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance.
On June 6, 2023, the Governor signed S.B. 262, the Florida Digital Bill of Rights (FDBR) into law, with an effective date of July 1, 2024. Kyle R.
The Texas Data Privacy and Security Act (TDPSA) was signed into law by the Governor of Texas on July 1, 2023, having passed both the Texas State Senate and the Texas House of Representatives.
On July 18, 2023, Oregon become the latest US State to adopt a comprehensive consumer privacy law when the Governor of Oregon, Tina Kotek, signed into law Senate Bill 619 relating to the protections for the personal data of consumers.
The Tennessee Information Protection Act (TIPA) was signed into law by the Governor of Tennessee, Bill Lee, on May 11, 2023, having passed both Houses of the Tennessee General Assembly.
Comparing State Privacy Laws
Comparing US State Privacy Laws
Our US State Privacy Law Comparison allows you to compare and contrast requirements across each of the comprehensive privacy laws passed by States, making it easier to streamline compliance efforts and keep pace with the evolving landscape in the US. The Chart can be used alongside our US State Tracker, which allows you to monitor privacy-related bills during the legislative sessions, and our Sectoral Overview which provides further information on sector-specific laws in each US State.
- There is a requirement in place.
- Click to view information for additional detail.
- There is no requirement in place.
(US) Definitions
(US) Legal Bases
(US) Controller and Processor Obligations
(US) Individuals' Rights
(US) Penalties and Enforcement
Sectoral Privacy Overview
USA Sectoral Privacy Overview
- There is a law/restriction/exemption in place.
- Click to view information for additional detail.
- There is no law/requirement/exemption in place.
This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.
- title
- Constitution
- Key Privacy Laws
- Health data
- Financial data
- Employment data
- Online privacy
- Unsolicited Commercial Communications
- Privacy Policies
- Data Security
- Other
- Alabama
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia (US)
- Hawaii
- Indiana
- Kansas
- Louisiana
- Maine
- Maryland
- Michigan
- Minnesota
- Mississippi
- Nebraska
- New Hampshire
- New Jersey
- New Mexico
- New York
- Oklahoma
- Pennsylvania
- Rhode Island
- South Carolina
- Tennessee
- Texas
- Utah
- Vermont
- Washington
- West Virginia
- Wisconsin