US Privacy Laws
Comply with US Privacy Laws
The enactment of the California Consumer Privacy Act of 2018 ('CCPA') on 1 January 2020 with an enforceability date of 1 July 2020 marked the first comprehensive US State privacy law, after which, an abundance of privacy-related legislation in the US, at both the federal and state level followed. While many bills fail to become law, four other States (Colorado, Virginia, Utah, and Connecticut) have now passed privacy legislation, and there is currently a federal bill, known as the American Data Privacy and Protection Act ('ADPPA') making its way through Congress. Significantly, the ADPPA marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, it would preempt the majority of state and local laws, invalidating any similar provisions therein.
With the US now having five comprehensive State privacy laws and a federal bill in the works compliance has become a complex issue for privacy professionals.
OneTrust DataGuidance's team of in-house Privacy Analysts work with our external network of contributors to provide you with daily updates and in-depth insight articles so you can stay on top of all relevant developments in the US.
Our State Law Tracker, allows you to easily compare requirements introduced by comprehensive privacy bills in different US states and understand how potential laws might affect your operations.
In addition, our Sectoral Privacy Overview Comparison gives you detailed information on the existing privacy frameworks in multiple states, all provided by our external network of experts.
Entry into Effect Dates
- California Consumer Privacy Act of 2018 ('CCPA') - Effective
- California Privacy Rights Act of 2020 ('CPRA') - 1 January 2023 (however many provisions became applicable to personal information collected from 1 January 2022)
- Colorado Privacy Act ('CPA') - 1 July 2023
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring ('CTDPA') - 1 July 2023
- Consumer Privacy Act ('UCPA') - 31 December 2023
- Consumer Data Protection Act ('CDPA') - 1 January 2023
US Privacy Law Comparison Report
Videos and Webinars
- California Privacy Rights Act: Reaction & Analysis
- A US Federal Privacy Bill is On the Horizon: Get to Know
- Understanding the New CPRA Draft Regulations & The ADPPA
- GDPR v CCPA & CPRA
- US Privacy Update: Recent Developments in Privacy Legislation
- Threat and Breach Response
- NIST Privacy Framework
- HIPAA Compliance and Cybersecurity Challenges
USA Sectoral Privacy Overview
- There is a law/restriction/exemption in place.
- Click to view information for additional detail.
- There is no law/requirement/exemption in place.
This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.
- Key Privacy Laws
- Health data
- Financial data
- Employment data
- Online privacy
- Unsolicited Commercial Communications
- Privacy Policies
- Data Security
- District of Columbia
- Georgia (US)
- New Hampshire
- New Jersey
- New Mexico
- New York
- Rhode Island
- South Carolina
- West Virginia