US Privacy Laws
Comply with US Privacy Laws
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020 with an enforceability date of July 1, 2020, marked the first comprehensive US state privacy law. Following this, a flurry of privacy-related legislation at both the federal and state level followed. Although many of these bills failed to become law, several states have now managed to pass comprehensive privacy legislation. Moreover, a federal bill known as the American Data Privacy and Protection Act (ADPPA) is making its way through Congress. The bill is significant as it marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, the ADPPA would preempt the majority of state and local laws, rendering any similar provisions therein invalid.
With numerous states now enacting privacy legislation, and with a federal bill in the works, privacy compliance in the US has become a complex issue for companies to navigate.
At OneTrust DataGuidance, our team of in-house Privacy Analysts works with an external network of contributors to provide you with daily updates and in-depth insight articles, so you can stay on top of all relevant developments in the US.
Our State Law Tracker enables you to easily track privacy-related bills in different US states to determine which laws might affect your operations. Additionally, our Sectoral Privacy Overview Comparison provides you with detailed information on the existing privacy frameworks in multiple states.
Entry into Effect Dates
Videos and Webinars
- California Privacy Rights Act: Reaction & Analysis
- A US Federal Privacy Bill is On the Horizon: Get to Know
- Understanding the New CPRA Draft Regulations & The ADPPA
- GDPR v CCPA & CPRA
- US Privacy Update: Recent Developments in Privacy Legislation
- Threat and Breach Response
- NIST Privacy Framework
- HIPAA Compliance and Cybersecurity Challenges
On March 21, 2024, House Bill 7520 for the Protecting Americans' Data from Foreign Adversaries Act of 2024 proceeded to the U.S. Senate following its passage, on March 20, 2024, by the U.S. House of Representatives.
On March 26, 2024, House Bill 24-1058 on Protect Privacy of Biological Data passed its third reading in the Colorado State Senate.
On March 25, 2024, the Connecticut General Assembly announced that Senate Bill 2 an act concerning artificial intelligence was referred to the Office of Legislative Research and Office of Fiscal Analysis on March 24, 2024.
On March 21, 2024, Assembly Bill 3286 for California Consumer Privacy Act of 2018: monetary thresholds: grants, was referred to the Privacy and Consumer Protection Committee after being introduced and read for the first time in the California Assembly on March 18, 2024. In particular, the bill would amend the California Consumer Privacy Act of 2
On March 25, 2024, House Bill 24-1058 on Protect Privacy of Biological Data passed its second reading in the Colorado State Senate.
On March 8, 2024, the California Privacy Protection Agency (CPPA) voted to advance the proposed risk assessment and automated decision-making technology regulations (the ADMT Regulations), as well as the update to the California Consumer Privacy Act (as amended) regulations.
On March 21, 2024, Assembly Bill 3080 relating to age verification: obscene and indecent material was read for a second time in the Assembly and amended after its referral to the Committees on Privacy and Consumer Protection and Judiciary on the same day.
On March 19, 2024, US Senator Ben Ray Luján announced the introduction of a bill to require companies to receive consent from consumers having their data used to train an artificial intelligence system to the U.S. House of Representatives.
On March 19, 2024, Assembly Bill 1824 for California Consumer Privacy Act of 2018: opt-out right: mergers was re-refered to the Committee on Privacy and Consumer Protection after it was introduced to the House on January 11, 2024.
On March 19, 2024, House Bill 491 for the Government Data Privacy Act was signed by the Governor of Utah. This follows its introduction, on February 7, 2024, to the Utah House of Representatives.
On March 19, 2024, Senate Bill 98 on Online Data Security and Privacy Amendments was signed by the Governor of Utah following its introduction, on January 16, 2024, to the Utah State Senate.
The Utah Consumer Privacy Act (UCPA)1, which went into effect on December 31, 2023, was signed into law on March 24, 2022, by Utah Governor Spencer Cox.
New Hampshire, the Granite State, is the 15th U.S. state to enact a consumer privacy law. The new law is Chapter 507-H:7 of the New Hampshire Revised Statutes titled 'Expectation of Privacy' (the New Hampshire Privacy Law).
Since the public debut of generative artificial intelligence (AI) about 18 months ago, proponents and detractors of the new technology have saturated the media with breathless commentaries about the promise and peril of this new technology in the legal profession.
In this Insight article, John Romano and Jessie Adamson, from Baker Tilly, delve into Colorado's recent regulatory developments, specifically focusing on life insurers' utilization of Big Data, external consumer information, algorithms, and predictive models.
New Jersey became the 13th state to enact comprehensive privacy legislation when Governor Murphy signed S332 into law on January 16, 2024.
On February 28, 2024, the White House published Executive Order 14117 on Preventing Access to Amer
California is on the verge of shaking up the privacy space again with rules on automated decision-making technology (ADMT).
In this Insight article, Zach Lerner and Hannah Schaller, from ZwillGen PLLC, analyze the privacy challenges confronting artificial intelligence (AI) developers in US education, navigating compliance nuances with laws and state privacy regulations to ensure responsible AI use.
When the New York Department of Financial Services (NYDFS) first promulgated its cybersecurity regulations in March 2017 (the Cybersecurity Regulations), these were widely considered the most prescriptive requirements imposed on financial institutions nationwide.1 The Cyberse
Over the years, as part of its role as the primary federal consumer protection regulator, the Federal Trade Commission (FTC) has filled a void in the oversight and regulation of new technologies.
In this Insight article, Michael Rubin and Robert Brown, from Latham & Watkins LLP, explore the contours of the U.S. Senate's recently proposed bipartisan legislation, the Artificial Intelligence Research, Innovation, and Accountability Act of 2023 (AIRIA).
The Delaware Personal Data Privacy Act (DPDPA) was signed into law in September 2023 and becomes effective on January 1, 2025. While the DPDPA shares many similarities with other comprehensive state privacy laws, it is not identical.
Comparing State Privacy Laws
Comparing US State Privacy Laws
Our US State Privacy Law Comparison allows you to compare and contrast requirements across each of the comprehensive privacy laws passed by States, making it easier to streamline compliance efforts and keep pace with the evolving landscape in the US. The Chart can be used alongside our US State Tracker, which allows you to monitor privacy-related bills during the legislative sessions, and our Sectoral Overview which provides further information on sector-specific laws in each US State.
- There is a requirement in place.
- Click to view information for additional detail.
- There is no requirement in place.
Sectoral Privacy Overview
USA Sectoral Privacy Overview
- There is a law/restriction/exemption in place.
- Click to view information for additional detail.
- There is no law/requirement/exemption in place.
This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.
- title
- Constitution
- Key Privacy Laws
- Health data
- Financial data
- Employment data
- Online privacy
- Unsolicited Commercial Communications
- Privacy Policies
- Data Security
- Other
- Alabama
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia (US)
- Hawaii
- Indiana
- Iowa
- Kansas
- Louisiana
- Maine
- Maryland
- Michigan
- Minnesota
- Mississippi
- Nebraska
- New Hampshire
- New Jersey
- New Mexico
- New York
- Oklahoma
- Pennsylvania
- Rhode Island
- South Carolina
- Tennessee
- Texas
- Utah
- Vermont
- Washington
- West Virginia
- Wisconsin