This tracker only includes bills intended to be comprehensive approaches to governing the use of personal information


Last updated: 22 July 2024


Contributor:


State-level momentum for comprehensive privacy bills is at an all-time high. The IAPP Westin Research Center actively tracks the proposed and enacted comprehensive privacy bills from across the U.S. to help our members stay informed of the changing state privacy landscape. This information is compiled into a map, a detailed chart identifying key provisions in the legislation, and links to enacted state comprehensive privacy laws.

Click To View Chart

Although many of the proposed bills will fail to become law, comparing the key provisions helps break down how privacy is developing in the U.S. The chart identifies fourteen provisions that commonly appear in comprehensive privacy laws. If a bill includes a provision, an "X" is placed in the corresponding column. The provisions are broken into two categories — consumer rights and business obligations — and are described more fully in the chart.

The Westin Research Center periodically updates this table, and previous versions are available for 2018-19, 2020, 2021, 2022 and 2023. If you are aware of a comprehensive bill absent from the tracker, please share it with us at research@iapp.org.

Please note: This tracker only includes bills intended to be comprehensive approaches to governing the use of personal information. If a bill does not appear on the tracker, it does not qualify due to its scope, coverage, or rights. Industry-specific, information-specific and narrowly scoped bills, e.g., data security bills, are not included. The IAPP additionally published an article providing further details on the scope of bills included in this tracker.



Enacted State
Comprehensive Privacy Laws

Only includes laws with comprehensive approaches to governing the use of personal information.

California

California Consumer Privacy Act
(effective 1 Jan. 2020)

As amended by the:

California Privacy Rights Act
(effective 1 Jan. 2023)

Colorado

Colorado Privacy Act
(effective 1 July 2023)

Delaware

Delaware Personal Data Privacy Act
(effective 1 Jan. 2025)

Indiana

Indiana Consumer Data Protection Act
(effective 1 Jan. 2026)

Iowa

Iowa Consumer Data Protection Act
(effective 1 Jan. 2025)

Kentucky

Kentucky Consumer Data Protection Act
(effective 1 Jan. 2026)

Maryland

Maryland Online Data Privacy Act
(effective 1 Oct. 2025)

Minnesota

Minnesota Consumer Data Privacy Act
(effective 31 July 2025)

Montana

Montana Consumer Data Privacy Act
(effective 1 Oct. 2024)

Nebraska

Nebraska Data Privacy Act
(effective 1 Jan. 2025)

New Hampshire

SB 255
(effective 1 Jan. 2025)

New Jersey

SB 332
(effective 15 Jan. 2025)

Oregon

Oregon Consumer Privacy Act
(effective 1 July 2024)

Rhode Island

Rhode Island Data Transparency and Privacy Protection Act
(effective 1 Jan. 2026)

Tennessee

Tennessee Information Protection Act
(effective 1 July 2025)

Texas

Texas Data Privacy and Security Act
(effective 1 July 2024)

Utah

Utah Consumer Privacy Act
(effective 31 Dec. 2023)

Virginia

Virginia Consumer Data Protection Act
(effective 1 Jan. 2023)