Back

News: Expansion of State-Level Data Privacy Laws in the U.S. – December 2024

2024-12-11

All Data in Trust

As of December 2024, 20 U.S. states have enacted comprehensive data privacy laws, reflecting a growing recognition of the importance of protecting personal information in the digital age. These laws aim to provide consumers with greater control over their data while imposing significant compliance requirements on businesses.

States with Enacted Data Privacy Laws
The following states have passed comprehensive privacy legislation, many of which have already come into effect or are slated for implementation soon:

  1. California – California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  2. Colorado – Colorado Privacy Act
  3. Connecticut – Connecticut Data Privacy Act
  4. Delaware – Delaware Personal Data Privacy Act
  5. Indiana – Indiana Consumer Data Protection Act
  6. Iowa – Iowa Consumer Data Protection Act
  7. Kentucky – Kentucky Consumer Data Protection Act
  8. Maryland – Maryland Online Data Privacy Act
  9. Minnesota – Minnesota Consumer Data Privacy Act
  10. Montana – Montana Consumer Data Privacy Act
  11. Nebraska – Nebraska Data Privacy Act
  12. New Hampshire – New Hampshire Data Privacy Act
  13. New Jersey – New Jersey Data Privacy Act
  14. Oregon – Oregon Consumer Privacy Act
  15. Rhode Island – Rhode Island Data Transparency and Privacy Protection Act
  16. Tennessee – Tennessee Information Protection Act
  17. Texas – Texas Data Privacy and Security Act
  18. Utah – Utah Consumer Privacy Act
  19. Virginia – Virginia Consumer Data Protection Act
  20. Washington – Washington Privacy Act (pending confirmation from the latest tracker updates).

Key Features of State Privacy Laws
While the specifics vary, most laws include:

  • Rights for Consumers: Access to personal data, the right to correct inaccuracies, delete personal information, and opt-out of data sales or targeted advertising.
  • Business Obligations: Data security measures, transparency requirements, and limitations on the use of sensitive personal information.
  • Enforcement: Fines for non-compliance, with some states granting consumers the right to take legal action.

Challenges for Businesses
This patchwork of laws creates significant challenges for businesses operating across multiple states. Companies must adopt flexible data management strategies and invest in compliance programs to navigate differing legal requirements effectively.

Looking Ahead
The momentum toward comprehensive state privacy laws continues, and 2025 may bring further legislative activity in other states. For businesses, keeping abreast of these changes is critical to avoiding compliance risks and ensuring consumer trust.

View other news

The Cyber Security Congress series

2025-04-26

EU’s Digital Operational Resilience Act (DORA) Set to Strengthen Cybersecurity and Data Protection Across Europe

2024-12-15

News: Expansion of State-Level Data Privacy Laws in the U.S. – December 2024

2024-12-11

Data Transfer Between the U.S. and Europe – December 2024 Update

2024-12-09

U.S. Legal Landscape Update – December 2024

2024-12-03

Oregon Advances in Privacy Protection with New Consumer Privacy Act

2023-07-20

Essential Guidelines for Organizations Participating in the DPF Program

2023-07-19

Biden-Harris Administration Unveils Comprehensive National Cybersecurity Strategy Implementation Plan

2023-07-15

EU-US Data Privacy Framework Ratified, Ensuring Greater Data Protection Across Borders

2023-07-12

Texas: New consumer privacy law on the horizon, Texas Data Privacy and Security Act (“TDPSA”)

2023-06-01

Kansas Governor Approves Senate Bill 44: A New Era for Financial Institutions’ Information Security

2023-05-24

Understanding the Indiana Data Privacy Law: Consumer Rights and Controller Obligations

2023-05-23

Indiana Steps Up with Comprehensive Consumer Data Privacy Legislation

2023-05-23

Montana Joins the Ranks with New Comprehensive Consumer Data Privacy Legislation

2023-05-23

Tennessee Information Protection Act: Implementation of a customized and profiled privacy program

2023-05-12

Tennessee Information Protection Act outlines specific responsibilities for controllers and processors of personal information.

2023-05-12

Tennessee House Bill 1181 – “Tennessee Information Protection Act” Aims to Strengthen Consumer Data Privacy

2023-05-12

Understanding if your U.S. Business falls under the Gramm-Leach-Bliley Act

2023-05-11

Understanding the FTC Safeguards Rule: A Guide for Businesses

2023-05-11

Texas: SUBCHAPTER A. GENERAL PROVISIONS, Consumer Data Protection Legislation

2023-05-11

Texas: SUBCHAPTER D. ENFORCEMENT.

2023-05-11

Texas: SUBCHAPTER C. CONTROLLER AND PROCESSOR DATA-RELATED DUTIES AND PROHIBITIONS

2023-05-11

Texas: SUBCHAPTER B. CONSUMER’S RIGHTS, Consumer Data Protection Legislation

2023-05-11

Texas: Bill for Data Privacy and Security Act passes both Houses

2023-05-11

Florida Unveils CS/CS/SB 262 — Technology Transparency Legislation

2023-05-11

Understanding the California Consumer Privacy Act (CCPA) and its Impact – REQUIRED NOTICES

2023-05-10

Groundbreaking My Health My Data Act (House Bill 1155)

2023-05-08

My Health My Data Act (House Bill 1155) Reinforces Consumer Health Data Privacy Protections

2023-05-08

Consumer Data Privacy Laws Across States: The Growing Landscape

2023-05-04

California Consumer Privacy Act (CCPA)

2023-05-02

The Virginia Consumer Data Protection Act (VCDPA)

2023-04-27

Texas Data Privacy and Security Act Moving Forward

2023-04-07

PILLAR FOUR – INVEST IN A RESILIENT FUTURE

2023-03-31

PILLAR THREE – SHAPE MARKET FORCES TO DRIVE SECURITY AND RESILIENCE

2023-03-31

Enhancing Cybersecurity Through Public-Private Partnerships – A Strategic Overview

2023-03-30

PILLAR ONE – DEFEND CRITICAL INFRASTRUCTURE

2023-03-30

National Cybersecurity Strategy of the United States of America

2023-03-03

Strengthening Data Security: The Updated Gramm-Leach-Bliley Act

2023-01-11

Responsibilities of Data Controllers and Processors under the Virginia Consumer Data Protection Act (Effective January 1, 2023)

2023-01-09

Understanding the Scope and Exemptions of the Virginia Consumer Data Protection Act (VCDPA)

2023-01-04

Navigating the CCPA Privacy Policy Landscape

2023-01-03

Implementation of State Data Protection Laws in the US.

2022-10-11

Support from the Data Protection Officer,
vCISO and auditors

Comprehensive support from our auditors and data protection officers.
Deep resilience of data protection and cyber security. Continuous training.

decoration

Policies, data protection procedures for each state in the U.S. and GLBA federal regulations

decoration

Policies, procedures, IT information security standards

decoration

Data protection auditing applications

decoration

IT information security audit applications

simple image of pc monitor with charts, magnifying glass and charts decoration
decoration

Applications with GDPR checklists and other rules concerning the protection of personal data

decoration

Applications with checklists CCPA, CPRA, HIPAA, VCDPA and more

decoration

Applications with NIST checklists 800-53, all levels

decoration

CMMC checklist applications (level 1-3)

Our team consists of: data protection officers, certified internal auditors, lawyers, attorneys, legal advisors, information security and IT specialists, information security and IT database auditors, trainers and authors of guides on data protection and cyber security.

View details