US Privacy Laws
Comply with US Privacy Laws
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020 with an enforceability date of July 1, 2020, marked the first comprehensive US state privacy law. Following this, a flurry of privacy-related legislation at both the federal and state level followed. Although many of these bills failed to become law, several states have now managed to pass comprehensive privacy legislation. Moreover, a federal bill known as the American Data Privacy and Protection Act (ADPPA) is making its way through Congress. The bill is significant as it marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, the ADPPA would preempt the majority of state and local laws, rendering any similar provisions therein invalid.
With numerous states now enacting privacy legislation, and with a federal bill in the works, privacy compliance in the US has become a complex issue for companies to navigate.
At OneTrust DataGuidance, our team of in-house Privacy Analysts works with an external network of contributors to provide you with daily updates and in-depth insight articles, so you can stay on top of all relevant developments in the US.
Our State Law Tracker enables you to easily track privacy-related bills in different US states to determine which laws might affect your operations. Additionally, our Sectoral Privacy Overview Comparison provides you with detailed information on the existing privacy frameworks in multiple states.
Entry into Effect Dates
Videos and Webinars
- California Privacy Rights Act: Reaction & Analysis
- A US Federal Privacy Bill is On the Horizon: Get to Know
- Understanding the New CPRA Draft Regulations & The ADPPA
- GDPR v CCPA & CPRA
- US Privacy Update: Recent Developments in Privacy Legislation
- Threat and Breach Response
- NIST Privacy Framework
- HIPAA Compliance and Cybersecurity Challenges
On April 22, 2024, Assembly Bill 2877 on the California Consumer Privacy Act of 2018: artificial intelligence: minors was re-referred to the Committee on Privacy and Consumer Protection.
On April 22, 2024, Assembly Bill 3204 on the Data Digesters Registration Act was re-referred to the Committee on Privacy and Consumer Protection.
On April 23, 2024, Senate Bill 24-041 on Privacy Protections for Children's Online Data was introduced in the Colorado House of Representatives and assigned to the House Business Affairs and Labor Committee.
On April 20, 2024, House Resolution 8038 for the 21st Century Peace through Strength Act passed the U.S. House of Representatives, following its introduction, on April 17, 2024.
On April 22, 2024, Senate Bill 2 an act concerning artificial intelligence received a joint favorable report from the General Law Committee, indicating its recommendation for passage by the full General Assembly.
On April 22, 2024, the White House announced, through the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) a Final Rule entitled HIPAA Privacy Rule to Support Reproductive Health Care Privacy (Final Rule).
On April 19, 2024, U.S. Senators introduced a bill to the U.S. Senate for the Future of Artificial Intelligence Innovation Act.
What are the goals of the bill?
If passed the bill would:
On April 18, 2024, Assembly Bill 2877 to amend Sections 1798.199.10 and 1798.199.15 of the Civil Code relating to privacy was read for a second time in the California State Assembly and amended to be the California Consumer Privacy Act of 2018: artificial in
On April 18, 2024, Assembly Bill 3204 adding Title 1.81.8 (commencing with Section 1978.321) to Part 4 of Division 3 of the Civil Code, relating to data digesters was read for a second time by the California State Assembly and amended to be the Data Digesters R
On April 20, 2024, the Colorado House of Representatives considered amendments to House Bill 24-1130 for an Act concerning protecting the privacy of an individual's biometric data.
On April 18, 2024, Assembly Bill 2930 on Automated Decision Tools was recommended for passage and re-referred to the House of Representatives Assembly Committee on Judiciary.
On April 18, 2024, Assembly Bill 3080 relating to age verification: obscene and indecent material was read for a second time and amended to be the Parent's Accountability and Child Protection Act.
The Virginia General Assembly passed - on a bipartisan vote - legislation to amend the Commonwealth's Consumer Data Protection Act (CDPA) and add specific privacy provisions for the personal data of children. Beth Burgin Waller, Patrick J.
In this Insight article, Maureen Fulton and Mikaela Witherspoon, from Koley Jessen P.C., L.L.O., delve into Nebraska's recently passed Data Privacy Act (NDPA), exploring its key provisions and similarities with the Texas Data Privacy and Security Act (TDPSA).
The Utah Consumer Privacy Act (UCPA), which entered into force on December 31, 2023, functions as comprehensive privacy legislation in Utah. However, the Utah State legislature has been active in both amending state privacy legislation and providing for new additions.
On April 7, 2024, U.S. Representative Cathy Rodgers and U.S. Senator Maria Cantwell introduced the American Privacy Rights Act 2024 (the Bill), aimed at establishing robust national data privacy standards with a focus on consumer control over personal information. In this Insight Q&A article, Billee Elliott McAuliffe and Jacquelyn H.
On April 7, 2024, U.S. Representative Cathy Rodgers and U.S. Senator Maria Cantwell unveiled the American Privacy Rights Act 2024 (the Bill) which would establish national consumer data privacy rights and set standards for data security.
In its current legislative session, Maryland's General Assembly is considering the Maryland Online Data Privacy Act of 2024 (MODPA).
The Utah Consumer Privacy Act (UCPA)1, which went into effect on December 31, 2023, was signed into law on March 24, 2022, by Utah Governor Spencer Cox.
New Hampshire, the Granite State, is the 15th U.S. state to enact a consumer privacy law. The new law is Chapter 507-H:7 of the New Hampshire Revised Statutes titled 'Expectation of Privacy' (the New Hampshire Privacy Law).
Since the public debut of generative artificial intelligence (AI) about 18 months ago, proponents and detractors of the new technology have saturated the media with breathless commentaries about the promise and peril of this new technology in the legal profession.
In this Insight article, John Romano and Jessie Adamson, from Baker Tilly, delve into Colorado's recent regulatory developments, specifically focusing on life insurers' utilization of Big Data, external consumer information, algorithms, and predictive models.
New Jersey became the 13th state to enact comprehensive privacy legislation when Governor Murphy signed S332 into law on January 16, 2024.
On February 28, 2024, the White House published Executive Order 14117 on Preventing Access to Amer
Comparing State Privacy Laws
Comparing US State Privacy Laws
Our US State Privacy Law Comparison allows you to compare and contrast requirements across each of the comprehensive privacy laws passed by States, making it easier to streamline compliance efforts and keep pace with the evolving landscape in the US. The Chart can be used alongside our US State Tracker, which allows you to monitor privacy-related bills during the legislative sessions, and our Sectoral Overview which provides further information on sector-specific laws in each US State.
- There is a requirement in place.
- Click to view information for additional detail.
- There is no requirement in place.
Sectoral Privacy Overview
USA Sectoral Privacy Overview
- There is a law/restriction/exemption in place.
- Click to view information for additional detail.
- There is no law/requirement/exemption in place.
This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.
- title
- Constitution
- Key Privacy Laws
- Health data
- Financial data
- Employment data
- Online privacy
- Unsolicited Commercial Communications
- Privacy Policies
- Data Security
- Other
- Alabama
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia (US)
- Hawaii
- Indiana
- Iowa
- Kansas
- Louisiana
- Maine
- Maryland
- Michigan
- Minnesota
- Mississippi
- Nebraska
- New Hampshire
- New Jersey
- New Mexico
- New York
- Oklahoma
- Pennsylvania
- Rhode Island
- South Carolina
- Tennessee
- Texas
- Utah
- Vermont
- Washington
- West Virginia
- Wisconsin