This tracker only includes bills intended to be comprehensive approaches to governing the use of personal information
Last updated: 22 July 2024
Contributor:
State-level momentum for comprehensive privacy bills is at an all-time high. The IAPP Westin Research Center actively tracks the proposed and enacted comprehensive privacy bills from across the U.S. to help our members stay informed of the changing state privacy landscape. This information is compiled into a map, a detailed chart identifying key provisions in the legislation, and links to enacted state comprehensive privacy laws.
Although many of the proposed bills will fail to become law, comparing the key provisions helps break down how privacy is developing in the U.S. The chart identifies fourteen provisions that commonly appear in comprehensive privacy laws. If a bill includes a provision, an "X" is placed in the corresponding column. The provisions are broken into two categories — consumer rights and business obligations — and are described more fully in the chart.
The Westin Research Center periodically updates this table, and previous versions are available for 2018-19, 2020, 2021, 2022 and 2023. If you are aware of a comprehensive bill absent from the tracker, please share it with us at research@iapp.org.
Please note: This tracker only includes bills intended to be comprehensive approaches to governing the use of personal information. If a bill does not appear on the tracker, it does not qualify due to its scope, coverage, or rights. Industry-specific, information-specific and narrowly scoped bills, e.g., data security bills, are not included. The IAPP additionally published an article providing further details on the scope of bills included in this tracker.
-
expand_more
Additional US State Privacy Resources
Enacted State
Comprehensive Privacy Laws
Only includes laws with comprehensive approaches to governing the use of personal information.
California
California Consumer Privacy Act
(effective 1 Jan. 2020)
As amended by the:
California Privacy Rights Act
(effective 1 Jan. 2023)
Colorado
Colorado Privacy Act
(effective 1 July 2023)
Connecticut
Connecticut Personal Data Privacy and Online Monitoring Act
(effective 1 July 2023)
Delaware
Delaware Personal Data Privacy Act
(effective 1 Jan. 2025)
Indiana
Indiana Consumer Data Protection Act
(effective 1 Jan. 2026)
Iowa
Iowa Consumer Data Protection Act
(effective 1 Jan. 2025)
Kentucky
Kentucky Consumer Data Protection Act
(effective 1 Jan. 2026)
Maryland
Maryland Online Data Privacy Act
(effective 1 Oct. 2025)
Minnesota
Minnesota Consumer Data Privacy Act
(effective 31 July 2025)
Montana
Montana Consumer Data Privacy Act
(effective 1 Oct. 2024)
Nebraska
Nebraska Data Privacy Act
(effective 1 Jan. 2025)
New Hampshire
SB 255
(effective 1 Jan. 2025)
New Jersey
SB 332
(effective 15 Jan. 2025)
Oregon
Oregon Consumer Privacy Act
(effective 1 July 2024)
Rhode Island
Rhode Island Data Transparency and Privacy Protection Act
(effective 1 Jan. 2026)
Tennessee
Tennessee Information Protection Act
(effective 1 July 2025)
Texas
Texas Data Privacy and Security Act
(effective 1 July 2024)
Utah
Utah Consumer Privacy Act
(effective 31 Dec. 2023)
Virginia
Virginia Consumer Data Protection Act
(effective 1 Jan. 2023)