US State Privacy

While the wait is on for a federal privacy law, many states have taken matters into their own hands and are in the process of or have already passed state data protection laws. The IAPP has been keeping track of individual state privacy legislation, and we regularly update this topic page with our collection of news and resources.

The IAPP Resource Center also includes a “US Federal Privacy” topic page.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NE, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

Featured Resources Latest News and Resources Resources by State

Featured Resources

US State Privacy Legislation Tracker

This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More

The Growth of State Privacy Legislation

Since 2018, the IAPP has closely tracked privacy legislation developments in the U.S. at the state level. This resource shows the rapid growth of U.S. state-level privacy initiatives from 2018 through 2022 to provide historical context.
Read More

CCPA and CPRA
Topic Page

This topic page contains resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Read More

Latest News and Resources

Key Dates from US Comprehensive State Privacy Laws

The IAPP created a timeline of key dates from the comprehensive data privacy laws in California, Colorado, Connecticut, Utah and Virginia. Read More

Save This

Web Conference: Expert Panel: U.S. Data Privacy Countdown to 2023

Original broadcast date: 19 Oct. 2022 In 2023, five new state privacy laws go into effect across California, Virginia, Colorado, Connecticut, and Utah. With just a few months to go until California’s CPRA goes live, organizations need a pragmatic approach to navigate this complexity. In this web conference, panelists discuss, which CCPA learnings apply as organizations prepare for CPRA, what are the implications for first-party data strategies, what challenges will new CPRA employee rights introduce, how do organizations can harmonize policies across regulations and states and more. Read More

Save This

State data privacy legislation: Takeaways from 2022 and what to expect in 2023

The amount of activity with state data privacy legislation during the 2022 legislative cycle was, at times, overwhelming. Lawmakers in 29 states and the District of Columbia either introduced data privacy bills or had them carry over from the 2021 legislative session. Twenty-three states held committee hearings. Fourteen states passed bills out of committee. Seven states passed a bill through one chamber. Two states passed laws. Although the legislatures in a few states considering bills are op... Read More

Save This

Web Conference: How to Navigate the US Privacy Landscape in 2023

Original broadcast date: 14 Sept. 2022 In this web conference, panelists discuss legal guidance for CPRA, CDPA, CPA, UCPA, CTDPA, operational considerations based on organizations privacy program’s maturity and best practices for compliance with the upcoming laws in the US. Read More

Save This

Web Conference: Handling Consumer Rights Requests in 2023

Original broadcast date: 8 Sept. 2022 In this web conference, panelists discuss what new rights the upcoming state privacy laws grant to consumers, which states will require jurisdiction-specific responses to rights requests and how organizations will have to update their privacy program to handle changes to consumer rights, including tips on employee training and technological tweaks to make. Read More

Save This

	New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation (IAPP, September 2022)
	2023 US State Data Protection Laws – A Summary of Opt-Out Rights and Preference Signal Requirements (Thompson Hine, September 2022)
	California Age-Appropriate Design Code final passage brings mixed reviews (IAPP, August 2022)
	Michigan Attorney General Nessel on strengthening consumer protections, right to privacy (IAPP, August 2022)
	US senators introduce bill to enhance credit unions’ cybersecurity (IAPP, August 2022)
	NCSL – US State Statutory and Legislative Charts (NCSL, August 2022)
	Web Conference: State of US privacy: Countdown to compliance (IAPP, July 2022)
	US state privacy laws: What you need to know (IAPP, June 2022)
	Connecticut enacts comprehensive consumer data privacy law (IAPP, May 2022)
	Exceptions in new US state privacy laws leave data without security coverage (IAPP, May 2022)
	Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more (IAPP, May 2022)
	Colorado Privacy Act Compliance Guide (Termageddon , May 2022)
	Web Conference: Building Your US Privacy Program: Six Steps to US Privacy Compliance (IAPP, April 2022)
	US State Data Breach Notification Law Matrix (Mintz)
	Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date (IAPP, April 2022)
	Utah becomes fourth US state to enact comprehensive consumer privacy legislation (IAPP, March 2022)
	Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches (IAPP, March 2022)
	A state legislator’s perspective on data privacy legislation (IAPP, March 2022)
	Web Conference: Leverage Your Compliance Efforts: Preparing for Upcoming State Privacy Laws (IAPP, March 2022)
	Florida privacy bill maintains PRA ahead of House floor vote (IAPP, February 2022)
	Unpacking Washington state’s cluster of comprehensive privacy bills (IAPP, January 2022)
	ITIF Report — The Cost of a Patchwork of State Privacy Laws (ITIF, January 2022)
	State attorneys general sue Google with ‘dark patterns’ claims (IAPP, January 2022)
	Status of the California Privacy Protection Agency’s work (IAPP, December 2021)
	The Growth of State Privacy Legislation (IAPP, November 2021)
	Bloomberg Law – Biometric Data Privacy Laws (Bloomberg, November 2021)
	BIPA Legislation Introduced in 2021 (IAPP, October 2021)
	NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government (NASCIO, October 2021)
	NASCIO – State Chief Information Officer Surveys (NASCIO, October 2021)
	NASCIO Report: State CIO use of the Cloud (NASCIO, October 2021)
	NASCIO Report: Why State CIOs are turning to low-code and no-code software development (NASCIO, September 2021)
	Privacy patchwork: Looking back at the 2021 legislative session (IAPP, September 2021)
	State reps. drop 2022 Oklahoma privacy bill; California genetic privacy bill passes (IAPP, September 2021)
	Skepticism clouds ULC’s pitch for uniform US state privacy legislation (IAPP, August 2021)
	Ohio Attorney General Yost on state, federal privacy law, FTC and more (IAPP, August 2021)
	Ohio Lt. Governor Jon Husted discusses the state’s privacy bill (IAPP, August 2021)
	California attorney general offers CCPA enforcement update, launches reporting tool (IAPP, July 2021)
	Comparison of Comprehensive Data Privacy Laws in Virginia, California and Colorado (IAPP, July 2021)
	NYC biometric law enters into force (IAPP, July 2021)
	Maine passes statewide facial recognition ban (IAPP, July 2021)
	Opt-in vs. opt-out approaches to personal information processing (IAPP, May 2021)
	State Data Breach Notification Chart (IAPP, May 2021)
	Op-ed: A privacy advocate’s take on 2021 state law efforts (IAPP, July 2021)
	Florida Legislature’s privacy law efforts fall short (IAPP, May 2021)
	‘States are where the action is’ on privacy legislation (IAPP, May 2021)
	Morrison Foerster Privacy Library (Morrison Foerster)
	Web Conference: Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond (IAPP, April 2021)
	Keynote: ‘State of the States: A Look at 2021 U.S. State Privacy Legislation’ (IAPP, April 2021)
	Attorney General Tong on enforcement priorities, legislative landscape in Connecticut (IAPP, April 2021)
	The Washington Privacy Act goes 0 for 3 (IAPP, April 2021)
	Web Conference: Building a Compliance Program for a Patchwork of State Privacy Laws (IAPP, April 2021)
	A closer look at tech’s state privacy law lobbying efforts (IAPP, April 2021)
	House fails to pass WPA, bill sponsor says it ‘remains alive’ (IAPP, April 2021)
	Whittled Florida privacy bill moves forward (IAPP, April 2021)
	House Appropriations Committee passes amended WPA (IAPP, April 2021)
	House committee advances WPA with limited private right of action (IAPP, March 2021)
	Opt in or opt out? State privacy bills introduced in 2021 (IAPP, March 2021)
	What Virginia’s Consumer Data Protection Act means for your privacy program (IAPP, March 2021)
	Analyzing Virginia’s new privacy law with Odia Kagan (IAPP, March 2021)
	Facebook’s $650M BIPA settlement ‘a make-or-break moment’ (IAPP, March 2021)
	Challenge accepted: Initial Virginia CDPA reactions, considerations (IAPP, March 2021)
	Virginia passes the Consumer Data Protection Act (IAPP, March 2021)
	Consumer Reports: Model State Privacy Act (Consumer Reports, February 2021)
	A conversation with Tenn. Attorney General Herbert Slatery (IAPP, February 2021)
	What’s ahead for US state privacy legislation in 2021? A conversation with David Stauss (IAPP, January 2021)
	Is 2021 the year for the Washington Privacy Act? (IAPP, January 2021)
	2020 Deloitte-NASCIO Cybersecurity Study – States at Risk: The Cybersecurity Imperative in Uncertain Times (Deloitte, NASCIO, October 2020)
	What Do Emerging State Privacy Laws Really Mean for B2B Companies? (Baker McKenzie, March 2020)
	Web Conference: Privacy Regulation Update: New and Evolving State and Federal Laws (IAPP, March 2020)
	Why are states making consumer data less secure? (IAPP, April 2019)
	Op-ed: Marketers should focus on state privacy laws over a federal rule (IAPP, March 2019)
	US federal privacy preemption part 1: History of federal preemption of stricter state laws (IAPP, January 2019)

View More Resources

Resources by State

Here you can find privacy news and resources sorted by state. To track the status of privacy legislation by state, view the IAPP’s “US State Privacy Legislation Tracker,” which helps aid our users’ efforts to stay abreast of the changing state-privacy landscape.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

Alabama News and Resources

16 states join Alabama in disputing Census use of differential privacy
(April 2021)
Facial recognition bills proposed in Maryland, Alabama
(February 2021)
Alabama’s Crimson Tide loyalty app raises privacy concerns
(September 2019)
Alabama approves PLS certification
(December 2018)
Alabama opens cybersecurity operations center
(October 2018)

Alaska News and Resources

Breach of voter registration system exposes 113K Alaskan voters’ data
(December 2020)
Computer monitoring raises privacy concerns in Alaskan school
(October 2019)

Arizona News and Resources

Member Spotlight: A conversation with Domingo DeGrazia
(August 2021)
Arizona MVD sells Social Security numbers to private investigators
(August 2020)
Ariz. attorney general files lawsuit against Google over location tracking
(May 2020)
Arizona court rules citizens have a right to online privacy from authorities without a warrant
(July 2019)
Arizona attorney general to investigate Google’s location-tracking practices
(September 2018)

Arizona passes data breach law
(June 2018)
Arizona Attorney General Mark Brnovich on federal breach laws, state pre-emption, and class actions
(April 2018)

View More Resources

Arkansas News and Resources

Ark., Okla. residents’ court, utility payment transactions exposed
(April 2020)
Arkansas hires first CPO
(June 2018)

Passed Laws, Regulations, Dates and Deadlines
Passed Laws and Regulations

California Consumer Privacy Act of 2018 (effective Jan. 1, 2020)

California Privacy Rights Act, amending the CCPA (effective Dec. 16, 2020; fully operative January 1, 2023)
- View on the California Legislative website (provisions for both the CCPA and the CPRA are included)
- View the CPRA Ballot Initiative (PDF)
- California Consumer Privacy Act Regulations
Key Dates Related to the CCPA and CPRA

Jan. 1, 2020
- CCPA effective date.
July 1, 2020
- CCPA enforcement date.
Jan. 1, 2022
- CPRA look back period begins (CPRA Ballot Initiative Section 31(a)).
July 1, 2022
- Deadline for adopting final CPRA regulations (CCPA Section 1798.185(d)). NOTE: this deadline was not met.
July 8, 2022
- California Privacy Protection Agency begins formal rulemaking process to update existing regulations and adopt new regulations.
Jan. 1, 2023
- CPRA provisions amending the CCPA become fully operative (CPRA Ballot Initiative Section 31(a)).
- Operative employee business-to-business exemptions expire (CPRA Sections 1798.145(m) and (n)).
July 1, 2023
- CPRA enforcement begins (CCPA Section 1798.185(d)).

California News and Resources

The news and resources below are relevant to privacy in California outside of the California Consumer Privacy Act and California Privacy Rights Act. The IAPP Resource Center hosts a separate topic page, “CCPA and CPRA,” which contains a curation of the IAPP’s coverage, analysis and relevant resources covering the CCPA and CPRA.
Click To View

California Age-Appropriate Design Code final passage brings mixed reviews
(August 2022)
Status of the California Privacy Protection Agency’s work
(December 2021)
California attorney general issues guidance on health privacy law obligations
(August 2021)
Update by the California attorney general could be a game-changer
(July 2021)
Vaccination records raising privacy concerns in California
(June 2021)

Research shows ‘massive amount’ of vehicle surveillance in California
(April 2021)
What the CPPA’s appointments say about enforcement priorities, strategy
(March 2021)
California names appointees to new privacy enforcement agency
(March 2021)
What is the California Privacy Protection Agency?
(November 2020)
Gov. Newsom signs bill on Calif. SSN privacy
(September 2020)
Calif. on the verge of instituting new deidentification requirements, broader research exemptions
(September 2020)
Calif. children’s social media bill presented to Gov. Newsom
(September 2020)
Calif. passes genetic privacy bill
(September 2020)
Calif. Senate approves privacy bill regulating photos by law enforcement
(August 2020)
Chamber of Commerce joins effort to block Calif. net neutrality law
(August 2020)
California DMV sells drivers’ data to private investigators, bail bondsmen
(August 2020)
Lawmakers question Calif. DMV’s privacy, security practices
(August 2020)
Analyzing the Calif. attorney general’s comments on cookies and tracking technologies
(June 2020)
Uber brings location privacy suit against Los Angeles
(March 2020)
Calif. sen. introduces genetic privacy legislation
(February 2020)

View More Resources

Passed Laws, Regulations, Dates and Deadlines
Passed Laws and Regulations

Colorado Privacy Act
- View on the Colorado Legislative website
- View in the Colorado Revised Statutes
Key Dates Related to the Colorado Privacy Act

July 1, 2023
- Effective date. Data protection assessment requirements apply to processing activities created or generated after July 1 and are not retroactive (Section 6-1-1309(6)).
- Deadline for attorney general to adopt rules detailing the technical specifications for one or more universal opt-out mechanisms (Section 6-1-1313(2)).
July 1, 2024
- Controllers required to allow consumers to exercise the right to opt out of sale or targeted advertising though a universal opt-out mechanism (Section 6-1-1306 (1)(a)(IV)(B)).
- Notice of violation and right to cure provision expires (Section 6-1-1311(1)(d).
Jan. 1, 2025
- Notice of violation and right to cure provision expires (Section 6-1-1311(1)(d).
- Attorney general may adopt rules governing the process of issuing opinion letters and interpretive guidance by this date. The rules must be effective by July 1, 2025 (Section 6-1-1313(3)).

Colorado News and Resources

Colorado Privacy Act Compliance Guide
(May 2022)
Colorado attorney general details his CPA enforcement priorities at IAPP GPS22
(April 2022)
Data Privacy Protection: A Colorado Perspective
(April 2022)
Colorado – Data Security Best Practices
(February 2022)
Colorado attorney general discusses CPA rulemaking
(February 2022)

Colorado Privacy Act becomes law
(July 2021)
Comparison of Comprehensive Data Privacy Laws in Virginia and California
(July 2021)
Colorado Privacy Act passes, professionals ponder effects
(June 2021)
Colo. lawmakers to introduce bill on sharing data for immigration enforcement
(February 2021)
Colo. law enforcement accessed DMV’s facial recognition software
(September 2020)
Colorado’s new data destruction, vendor management and breach notification requirements
(September 2018)
Colorado lawmakers push to adopt blockchain
(February 2018)

View More Resources

Passed Laws, Regulations, Dates and Deadlines
Passed Laws and Regulations

Connecticut Personal Data Privacy and Online Monitoring Act
- View on the Connecticut General Assembly website
Key Dates Related to the Connecticut Personal Data Privacy and Online Monitoring Act

Sept. 1, 2022
- Deadline for task force to be convened to study issues including algorithmic decision-making and other issues related to data privacy (Section 12(a)).
Jan. 1, 2023
- Deadline for task force to submit report (Section 12(d).
July 1, 2023
- Effective date. Data protection assessment requirements apply to processing activities created or generated after July 1 and are not retroactive (Section 8(f)).
Feb. 1, 2024
- Deadline for attorney general to submit a report regarding enforcement (Section 11(b)).
Jan. 1, 2025
- Right to cure expires. Attorney general has discretion to grant a cure period (Sections 11(b)-(c)).
- Deadline for controllers to allow a consumer to opt out through an opt-out preference signal (Section 6(e)(1)(A)(ii)).

Connecticut News and Resources

Connecticut enacts comprehensive consumer data privacy law
(May 2022)
Connecticut gov. signs cybersecurity law
(July 2021)
Connecticut’s late, unique press for privacy law falls short
(June 2021)
Attorney General Tong on enforcement priorities, legislative landscape in Connecticut
(April 2021)
Q&A: Connecticut AG Talks Privacy Enforcement, Collaboration with the FTC
(August 2014)

Delaware News and Resources

Delaware’s amended data breach notification law adds strict requirements
(August 2017)

Florida News and Resources

Florida privacy bill maintains PRA ahead of House floor vote
(February 2022)
Rep. calls for investigation into school data program in Fla.
(January 2021)
FPF analysis alleges Fla. Sheriff’s Office violates student privacy
(December 2020)
FSU students say online exam software violates privacy rights
(March 2020)
Location tracker led to suspected burglary for Fla. man
(March 2020)

Georgia News and Resources

Ga. Department of Driver’s Services sharing data with ICE
(March 2020)
Ga. Attorney General Chris Carr on breaches, federal law
(October 2019)

Hawaii News and Resources

Hawaii Legislature considers privacy bills
(January 2022)

Idaho News and Resources

Idaho AG Talks Breach Notification, His Role as Privacy Enforcer
(October 2014)
Idaho Passes Drone Privacy Law
(April 2013)
Companies Hesitant To Notify, Breach at Idaho Healthcare Firm
(August 2014)

Illinois News and Resources

BIPA Legislation Introduced in 2021
(October 2021)
Illinois court addresses statutes of limitations for BIPA claims
(September 2021)
Illinois enacts Protecting Household Privacy Act
(August 2021)
Facebook’s $650M BIPA settlement ‘a make-or-break moment’
(April 2021)
Facebook’s $650M BIPA settlement ‘a make-or-break moment’
(March 2021)

Ill. law boosts student data protections
(January 2021)
Ill. Attorney General Kwame Raoul on changes to state’s data breach law
(September 2020)
Judge approves $3.2M settlement in Ill. BIPA case
(June 2020)
Lawsuit claims TikTok violated Illinois’ BIPA
(May 2020)
Ill. man sues Google over collection of students’ biometric data
(April 2020)
Facebook agrees to $550M class settlement in Ill. BIPA suit
(January 2020)
Sen. proposes Ill. privacy legislation
(January 2020)

View More Resources

Indiana News and Resources

Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more
(May 2022)
Flip and move: Amended Indiana privacy bill clears Senate committee
(February 2022)
Indiana CPO breaks down state’s COVID-19 privacy preparedness
(October 2020)
Indiana attorney general talks black market, breaches and priorities
(March 2018)
Indiana medical records service reaches $100K settlement over HIPAA violations
(May 2019)

Forced smartphone entry up for debate in Indiana
(April 2019)
Q & A: Indiana AG on Initiatives, Priorities for Privacy Protection
(May 2014)

View More Resources

Iowa News and Resources

Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches
(March 2022)
Iowa launches digital driver’s license pilot program
(December 2021)

Kansas News and Resources

Kansas Senate approves permanent COVID-19 contact-tracing rules
(April 2021)
A Q&A with Kansas Attorney General Derek Schmidt
(September 2017)
Kansas Secretary of State’s website removed database containing PII
(January 2018)

Kentucky News and Resources

Kentucky court rules police need warrant to ping cell phones
(February 2020)

Maine News and Resources

Maine Privacy Law Guide
(May 2022)
Maine passes statewide facial recognition ban
(July 2021)
Maine privacy law takes force despite legal challenges
(August 2020)
Comparing Maine and Nevada’s new privacy laws with the CCPA
(June 2019)

Maryland News and Resources

Maryland names first-ever privacy, data officers
(November 2021)
Maryland adds government CDO, CPO roles
(August 2021)
Maryland, Montana pass laws on DNA use for criminal investigations
(June 2021)
Facial recognition bills proposed in Maryland, Alabama
(February 2021)
Md. Attorney General Brian Frosh talks future legislation
(January 2020)

Massachusetts News and Resources

Massachusetts governor considers vaccine passport requirements
(November 2021)
Boston City Council must approve all surveillance tech, new ordinance says
(October 2021)
Personal transit data protected from warrantless searches under Mass. law
(January 2021)
Mass. governor opposes facial recognition moratorium in police reform bill
(December 2020)
Mass. attorney general stands up Data Privacy, Security Division
(August 2020)

Massachusetts Senate passes data breach protection bill
(May 2018)
Q&A with Massachusetts AG Maura Healey
(August 2016)

View More Resources

Michigan News and Resources

Michigan Attorney General Nessel on strengthening consumer protections, right to privacy
(August 2022)
Encrypted police app prompts call for change from Michigan lawmakers
(February 2021)
Michigan airport to use ‘smart helmets’
(September 2020)

Minnesota News and Resources

Minnesota passes student privacy bill
(June 2022)
Law regulates drone use by Minnesota law enforcement
(May 2021)
Minneapolis bans police use of facial recognition
(February 2021)
Minneapolis police file geofence warrant to identify protestors
(March 2021)
Addresses of COVID-19 patients exposed in Minn.
(September 2020)

Minn. hospitals hit by data breach
(September 2020)
Minnesota to recognize IAPP PLS certification
(June 2019)

View More Resources

Mississippi News and Resources

Google must face Mississippi privacy lawsuit
(August 2018)

Missouri News and Resources

Missouri Senate passes bill to outlaw nonconsensual pornography
(May 2018)
Missouri governor indicted on privacy invasion charges
(October 2018)

Montana News and Resources

Maryland, Montana pass laws on DNA use for criminal investigations
(June 2021)
Health care data breach affects 130K Montana patients
(October 2019)
Court rules against Montana’s ban on political robocalls
(September 2019)

Nevada News and Resources

Nevada Privacy Law Compliance Guide
(June 2022)
A conversation with Nev. Attorney General Aaron Ford
(October 2020)
Nev. teachers worried about students’ privacy during online learning
(August 2020)
Are you prepped to comply with Nevada’s opt-out law?
(November 2019)
Nevada passes consumer opt-out bill
(June 2019)

New Hampshire News and Resources

NH Legislature considering privacy bill
(February 2020)
NH Senate rejects biometric information bill
(January 2020)

New Jersey News and Resources

NJ gov.: Health data kept secure during contact tracing
(June 2020)
N.J. lawmakers propose data privacy bill
(February 2020)

New Mexico News and Resources

Google, New Mexico reach settlement over children’s privacy claims
(August 2021)
New Mexico AG alleges Google violated COPPA
(February 2020)
New Mexico governor inks data breach notification law
(April 2017)

New York News and Resources

New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation
(September 2022)
NYC biometric law enters into force
(July 2021)
New York DFS announces $3M breach settlement
(April 2021)
NYPL’s privacy leader on safeguarding patron trust, transparency
(March 2021)
NY investigation finds Facebook did not prevent sharing of sensitive user data
(February 2021)

NY financial regulator charges insurance company over 2019 breach
(July 2020)
NY legislature approves ban of facial recognition in schools through 2022
(July 2020)
NYC Council passes surveillance oversight bill
(June 2020)
State Sen. working on NY employee privacy legislation
(May 2020)
Zoom agrees to privacy updates in deal with NY attorney general
(May 2020)
NY’s SHIELD Act has taken effect — what does this mean for your business?
(March 2020)
NYC subway’s OMNY tap-to-pay system raises privacy concerns
(March 2020)
NYPD alters rules for DNA evidence uses
(February 2020)
NY school district adopts facial-recognition tech
(March 2020)

View More Resources

North Carolina News and Resources

Changes on the horizon for North Carolina’s data breach notification law
(January 2019)

North Dakota News and Resources

North Dakota hires chief data officer
(October 2021)
Proposed opt-in law voted down by North Dakota committee
(March 2021)
ND passes policy to protect student data privacy
(June 2020)
ND court suspends online document access following privacy concerns
(January 2020)

Ohio News and Resources

Ohio Attorney General Yost on state, federal privacy law, FTC and more
(August 2021)
Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
(August 2021)
Ohio Supreme Court seeks public comment on privacy law specialization
(December 2020)
Ohio’s data breach law offers safe harbor for certain incidents
(November 2018)
Analysis: Ohio’s Data Protection Act
(October 2018)

Oklahoma News and Resources

A state legislator’s perspective on data privacy legislation
(March 2022)
Oklahoma PD proposes crime center with surveillance cameras
(July 2021)
Okla. to study internet data privacy
(July 2020)
Ark., Okla. residents’ court, utility payment transactions exposed
(April 2020)
Oklahoma Department of Securities sued over data breach
(March 2020)

Oregon News and Resources

COVID-19-related data focus of lawsuit against Google, Oregon bill
(April 2021)
Data breach affects 654K Health Share of Oregon members
(February 2020)

Pennsylvania News and Resources

Pa. to release contact-tracing app, lawmakers state privacy concerns
(September 2020)
Pa. city considers ban on facial recognition technology
(August 2020)
Interview with Pennsylvania Attorney General Josh Shapiro
(May 2018)
Pennsylvania Supreme Court: Employers have legal duty to protect employee data
(December 2018)

Rhode Island News and Resources

Rhode Island lawmaker proposes data transparency and protection act
(January 2018)

South Carolina News and Resources

New cybersecurity rules take effect in South Carolina
(January 2019)

South Dakota News and Resources

South Dakota Senate committee passes data breach notification bill
(January 2018)

Tennessee News and Resources

Mixed committee results for Connecticut, Tennessee privacy bills
(March 2022)
A conversation with Tenn. Attorney General Herbert Slatery
(February 2021)
Tenn. department sells data of 7.2M drivers
(February 2020)
Tennessee law first to require notification regardless of information encryption status
(March 2016)

Texas News and Resources

HHS waives HIPAA penalties in Texas
(February 2021)
Privacy pros underwhelmed by Texas privacy council’s report
(September 2020)
Advertising associations urge Texas Legislature to reject opt-in consent proposals
(August 2020)
Texas attorney general investigating Facebook’s biometric data practices
(July 2020)
IAPP PLS certification given specialty designation in Texas
(May 2020)

Facial recognition to monitor pedestrians at Texas border crossing
(March 2020)
AI camera detects COVID-19 fever
(March 2020)
New council will help form future Texas privacy legislation
(November 2019)
Texas updates breach notification law, creates new privacy council
(May 2019)
Two consumer privacy bills filed in Texas
(April 2019)

View More Resources

Passed Laws, Regulations, Dates and Deadlines
Passed Laws and Regulations

Utah Consumer Privacy Act
- View on the Utah Legislative website
Key Dates Related to the Utah Consumer Privacy Act

Dec. 31, 2023
- Utah law’s effective date (Section 17).
July 1, 2025
- Deadline for attorney general and the Division of Consumer Protection to submit a report regarding the law (Section 13-61-404).

Utah News and Resources

Utah Supreme Court rules victims should be able to defend privacy rights
(June 2022)
Utah’s privacy officer wants to train, certify 50 privacy, security specialists
(April 2022)
Utah on the cusp of US’s latest comprehensive state privacy law
(March 2022)
Utah gov. appoints state’s first Department of Government Operations privacy officer
(July 2021)
Utah passes government privacy bill
(March 2021)

Utah Student Data Privacy Guidebook
(October 2020)
New Utah Department of Public Safety policies regulate facial recognition
(September 2020)
Privacy vs. cancer research debated in Utah
(February 2020)

View More Resources

Vermont News and Resources

Vt. attorney general seeks change to facial recognition ban
(February 2021)
Vt. Legislature passes facial recognition ban
(October 2020)
Court rules Vt. suit against Clearview AI can proceed
(September 2020)
Vt. attorney general publishes data breach law guidance
(July 2020)
Vermont attorney general talks regulating data brokers, protecting consumers
(April 2019)

Analysis: Vermont’s data broker regulation
(July 2018)

View More Resources

Passed Laws, Regulations, Dates and Deadlines
Passed Laws and Regulations

Consumer Data Protection Act
- View in the Code of Virginia
Jan. 1, 2023
- Effective date. Data protection assessment requirements apply to processing activities created or generated after Jan. 1. 2023 and are not retroactive (Section 59.1-580(F).
- Amendments to the Consumer Data Protection Act take effect.