Support Centre
US Privacy Laws

US Privacy Laws

Comply with US Privacy Laws

The enactment of the California Consumer Privacy Act of 2018 ('CCPA') on 1 January 2020 with an enforceability date of 1 July 2020 marked the first comprehensive US State privacy law, after which, an abundance of privacy-related legislation in the US, at both the federal and state level followed. While many bills fail to become law, four other States (Colorado, Virginia, Utah, and Connecticut) have now passed privacy legislation, and there is currently a federal bill, known as the American Data Privacy and Protection Act ('ADPPA') making its way through Congress. Significantly, the ADPPA marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, it would preempt the majority of state and local laws, invalidating any similar provisions therein.

With the US now having five comprehensive State privacy laws and a federal bill in the works compliance has become a complex issue for privacy professionals.

OneTrust DataGuidance's team of in-house Privacy Analysts work with our external network of contributors to provide you with daily updates and in-depth insight articles so you can stay on top of all relevant developments in the US.

Our State Law Tracker, allows you to easily compare requirements introduced by comprehensive privacy bills in different US states and understand how potential laws might affect your operations.

In addition, our Sectoral Privacy Overview Comparison gives you detailed information on the existing privacy frameworks in multiple states, all provided by our external network of experts.

Entry into Effect Dates







US Privacy Law Comparison Report

Videos and Webinars

Sectoral Privacy Overview

USA Sectoral Privacy Overview

  • There is a law/restriction/exemption in place.
  • Click to view information for additional detail.
  • There is no law/requirement/exemption in place.

This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.

Compare Reset
  • Constitution
  • Key Privacy Laws
  • Health data
  • Financial data
  • Employment data
  • Online privacy
  • Unsolicited Commercial Communications
  • Privacy Policies
  • Data Security
  • Other
  • Alabama
  • Alaska
  • Arkansas
  • California
  • Colorado
  • Connecticut
  • Delaware
  • District of Columbia
  • Florida
  • Georgia (US)
  • Hawaii
  • Indiana
  • Kansas
  • Louisiana
  • Maine
  • Maryland
  • Massachusetts
  • Michigan
  • Minnesota
  • Mississippi
  • Nebraska
  • New Hampshire
  • New Jersey
  • New Mexico
  • New York
  • Oklahoma
  • Oregon
  • Pennsylvania
  • Rhode Island
  • South Carolina
  • Tennessee
  • Texas
  • Vermont
  • Washington
  • West Virginia
  • Wisconsin