Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.
IAPP Job BoardLooking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.
IAPP CalendarReview a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Chinese Personal Information Protection (CIPP/CN)
Learn compliance with the three major laws (PIPL, CSL, DSL) forming the framework of Chinese privacy.
Artificial Intelligence Governance ProfessionalLearn how to create and implement policies and procedures that make the most of AI’s potential by reducing its risks.
European Data Protection (CIPP/E)Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.
U.S. Private-Sector Privacy (CIPP/US)Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.
Canadian Privacy (CIPP/C)Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.
Privacy Program Management (CIPM)Develop the skills to design, build and operate a comprehensive data protection program.
Privacy in Technology (CIPT)Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.
Foundations of Privacy and Data ProtectionIntroductory training that builds organizations of professionals with working privacy knowledge.
Privacy Law Specialist Training (PLS)
Meet the stringent requirements to earn this American Bar Association-certified designation.
CIPP/CN Certification
For professionals who are responsible for compliance with China's major privacy laws - PIPL, DSL, CSL.
AIGP Certification
Ensures individuals responsible for AI systems can reduce the risks associated with this technology.
CIPP Certification
The global standard for the go-to person for privacy laws, regulations and frameworks
CIPM Certification
The first and only privacy certification for professionals who manage day-to-day operations
CIPT Certification
As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.
FIP Designation
Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.
Privacy Law Specialist
The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.
Certificação CDPO/BR
Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.
Access all reports and surveys published by the IAPP.
The IAPP publishes longform, web-based resource articles to provide in-depth analysis on relevant topics in the privacy space.
Access all white papers published by the IAPP.
Access all infographics published by the IAPP.
The Privacy Advisor Podcast provides interviews with the privacy world's most interesting voices.
The IAPP's video library provides insights, reactions and opinions on a range of topics, including regulatory developments, areas of privacy operations management and more.
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
On this page, you’ll find articles and tools to help you get a basic understanding of the job of the privacy pro and data protection laws and practices around the globe.
Global Privacy Summit
The world's largest forum for connecting with other privacy, AI governance and digital responsibility professionals.
AI Governance Global Europe
Join us in Dublin for the leading European conference on AI governance, addressing challenges and impacts of the EU AI Act.
Privacy. Security. Risk. (P.S.R.)
P.S.R. focuses on the intersection of privacy, AI governance, digital responsibility and technology. 2025 registration opens in June.
Data Protection Intensive: UK
The call for proposals is open. Submit your idea by 3 Aug. for a chance to speak at DPI: UK 2026.
AI Governance Global North America
Join us in Boston as we focus on the unique and broad array of challenges AI governance professionals face in North America.
Asia 2025: Privacy Forum + AI Governance Global
With 2 events in 1, IAPP Asia 2025 will expand your skill set in two disciplines with practical advice from the region’s top minds.
Canada Privacy Symposium
Leaders from the privacy, AI governance and digital responsibility professions gather in Canada to deliver insights, discuss trends and share best practices.
Navigate: Digital Policy Leadership Retreat 2025
A new event focused on digital regulation, risk and responsibility. Co-hosted by the Berkman Klein Center for Internet & Society at Harvard University and the IAPP.
Speak at an IAPP EventView our open calls and submission instructions.
Sponsor an EventIncrease visibility for your organization — check out sponsorship opportunities today.
Resource Center / Topic Pages / US State Privacy
TOPIC PAGE
Here, you can find the IAPP’s collection of coverage, analysis and resources related to state privacy in the United States. The IAPP Resource Center also includes US Federal Privacy and CCPA and CPRA topic pages.
United States Privacy Digest newsletter
Be in-the-know on US privacy news by subscribing to the US Privacy Digest newsletter.
Subscribe here
US State Privacy Legislation Tracker
This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More
US State AI Governance Legislation Tracker
This tool tracks US state cross-sectoral laws with direct application to the use of AI systems in the private sector.
Read More
This report analyzes similarities and differences between enacted U.S. comprehensive state privacy laws.
California Privacy and AI Legislation Tracker
This tracker highlights any California data law with potential privacy or AI governance implications across sectors.
Read More
US state privacy law kaleidoscope
This article covers the sprawling group of U.S. state privacy laws, describing it as a kaleidoscope “because it gets more dizzying every week and the colors get a little more vivid as different variants emerge.”
Read More
Private Rights of Action in US Privacy Legislation
This article examines privacy rights of action in US state and federal privacy legislation, including enforcement provisions contained in the revised discussion draft of the APRA.
Read More
Virginia governor vetoes AI bill
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Geolocation privacy takes center stage on US regulators’ agendas
A year in review: Privacy, data security enforcement by New York’s attorney general
Virginia Legislature passes AI bill, but unclear if governor will sign it
US state AI legislation in 2025: A discussion with Connecticut state Sen. James Maroney
The state of US reproductive privacy in 2025: Trends and operational considerations
Synthesizing US state privacy law: Cross-cutting compliance strategies for 2025
New year, new privacy laws and new attorneys general on the beat
U.S. privacy outlook for 2025: Horror vacui
Open letter: Why now is the time to act on US state AI legislation
New laws in California look to the future of privacy and AI
Deployers and developers: Colorado’s partnership for AI governance
2024 in US state privacy law: A retrospective with Keir Lamont and David Stauss
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
Last-minute legislative decisions shape California’s AI, privacy regimes
California Rulemaking Process Overview
Colorado’s approach to universal opt-out requirements
California awaits fate of legislature-approved AI safety bill
How Texas strives to be US state privacy enforcement leader
Rhode Island’s comprehensive privacy bill raises patchwork misalignment concerns
The Vermont veto is a step backward for privacy
What does the Colorado AI Act mean for AI governance and policymaking?
US state AI governance bills: Reflecting on the 2024 cycle with a new resource
Unpacking the shift toward substantive data minimization rules in proposed legislation
PRA highlights novelties in Vermont’s comprehensive privacy bill
Enacted Federal Statutes with PRA
Colorado awaits fate of AI regulation bill
Major trends in US cybersecurity law and policy
Key Dates from US Comprehensive State Privacy Laws
Assessing ‘necessity’ under state health privacy laws
Framework debate shows as Kentucky nears comprehensive privacy law
Private-sector AI bill clears Utah Legislature
A look at proposed US state private sector AI legislation
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Adverse event reporting and preparing for the next wave of privacy litigation
EPIC finds oversized tech influence on state privacy laws
Connecticut attorney general publishes report on Data Privacy Act
State lawmaker’s take on New Hampshire comprehensive privacy bill’s impacts
Nuances highlight New Jersey’s comprehensive privacy bill
Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement
CPPA releases initial automated decision-making rules proposal
CPPA’s draft automated decision-making rules unpacked
What’s next for US state-level AI legislation
My Health, My Data, My Class Action Lawsuit — Mitigating Healthcare Privacy Risk
The year that was in state data privacy
California Legislature passes Delete Act regulating data brokers
US states leverage existing models of privacy legislation
California privacy agency lays out vision for cybersecurity regulation
Montana attorney general backs TikTok privacy concerns
Addressing the duty of care in state privacy laws
U.S. privacy legislation in 2023: Something old, something new?
Connecticut takes a first stab at regulating government use of AI
Illinois federal judge overturns $228M damages award in first BIPA case
Practical considerations for bias audits under NYC Local Law 144
Texas latest to add comprehensive state privacy law
The ranging impacts of Florida’s Digital Bill of Rights
Key steps for meeting US state PIA obligations
DeSantis signs Florida’s Digital Bill of Rights
The ranging impacts of Florida’s Digital Bill of Rights
Utah drafting statewide privacy plan for state agencies
Montana governor signs bill banning TikTok
State privacy dispatch: Why the floodgates opened
Indiana governor signs a comprehensive privacy act into law
Complying with Colorado’s data protection assessment requirements
Illinois BIPA cases up 65% following Supreme Court decision
The sweeping scope of Washington’s My Health, My Data Act
Washington’s My Health, My Data Act
The expanding privacy partnership in New York City
How should mobile apps prepare for California’s privacy scrutiny?
UK and California age-appropriate design rules — Similar principles, subtle differences
Montana, Tennessee comprehensive privacy bills clear legislatures
Montana passes first statewide TikTok ban
Washington state on track to pass broad-based health data privacy law
Indiana poised to add to US state privacy law patchwork
Arkansas passes children’s social media bill
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
The rise of US state-level BIPA: Illinois leads, others catching up
Filling the void? The 2023 state privacy laws and consumer health data
Colorado Privacy Act regulations finalized
California legislative wrap-up: CCPA amendments, children’s privacy and more
Iowa set to finalize sixth US comprehensive state privacy law
State privacy prospects bring new paradigm in 2023
State AGs and Privacy in 2023: What Your Business Needs to Know
State privacy dispatch: How the 2023 landscape is materializing
Takeaways from Ohio court ruling on ransomware and insurance exclusions
Privacy operations to update in the first half of 2023 for California, Colorado regulations
Several Illinois BIPA lawsuits filed at the end of 2022
All things ‘California Privacy Law’ with Lothar Determann
2023 brings US state privacy law preparedness into focus
Attorney general drops revised Colorado Privacy Act draft rules
The Growth of State Privacy Legislation
2023 US State Data Protection Laws – A Summary of Opt-Out Rights and Preference Signal Requirements
State Attorneys General on privacy, cybersecurity, enforcement and legislation
California Age-Appropriate Design Code final passage brings mixed reviews
State data privacy legislation: Takeaways from 2022 and what to expect in 2023
Michigan Attorney General Nessel on strengthening consumer protections, right to privacy
BakerHostetler – US Breach Notification Law Interactive Map
Utah Supreme Court rules victims should be able to defend privacy rights
US State Data Breach Notification Law Matrix
Nevada Privacy Law Compliance Guide
Minnesota passes student privacy bill
US state privacy laws: What you need to know
Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more
Exceptions in new US state privacy laws leave data without security coverage
Connecticut enacts comprehensive consumer data privacy law
Colorado Privacy Act Compliance Guide
Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
Virginia governor signs VCDPA amendment bills
Colorado attorney general details his CPA enforcement priorities at IAPP GPS22
Data Privacy Protection: A Colorado Perspective
Utah’s privacy officer wants to train, certify 50 privacy, security specialists
Utah becomes fourth US state to enact comprehensive consumer privacy legislation
A state legislator’s perspective on data privacy legislation
Colorado – Data Security Best Practices
Unpacking Washington state’s cluster of comprehensive privacy bills
State attorneys general sue Google with ‘dark patterns’ claims
Status of the California Privacy Protection Agency’s work
Iowa launches digital driver’s license pilot program
Colorado Privacy Act Compliance Guide
Maryland names first-ever privacy, data officers
Recap of Virginia Consumer Data Protection Work Group
Bloomberg Law – Biometric Data Privacy Laws
North Dakota hires chief data officer
BIPA Legislation Introduced in 2021
NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government
Boston City Council must approve all surveillance tech, new ordinance says
NASCIO – State Chief Information Officer Surveys
NASCIO Report: State CIO use of the Cloud
Illinois court addresses statutes of limitations for BIPA claims
Data Privacy Issues in West Virginia: An Overview
Illinois enacts Protecting Household Privacy Act
Google, New Mexico reach settlement over children’s privacy claims
California attorney general issues guidance on health privacy law obligations
Member Spotlight: A conversation with Domingo DeGrazia
Ohio Attorney General Yost on state, federal privacy law, FTC and more
Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
Maryland adds government CDO, CPO roles
California attorney general offers CCPA enforcement update, launches reporting tool
Update by the California attorney general could be a game-changer
NYC biometric law enters into force
Colorado Privacy Act becomes law
NYC biometric law enters into force
Maine passes statewide facial recognition ban
Vaccination records raising privacy concerns in California
Maryland, Montana pass laws on DNA use for criminal investigations
Law regulates drone use by Minnesota law enforcement
Opt-in vs. opt-out approaches to personal information processing
State Data Breach Notification Chart
‘States are where the action is’ on privacy legislation
Attorney General Tong on enforcement priorities, legislative landscape in Connecticut
Illinois Senate passes strengthened privacy protections for assault victims
The Washington Privacy Act goes 0 for 3
Research shows ‘massive amount’ of vehicle surveillance in California
New York DFS announces $3M breach settlement
16 states join Alabama in disputing Census use of differential privacy
House fails to pass WPA, bill sponsor says it ‘remains alive’
Whittled Florida privacy bill moves forward
House Appropriations Committee passes amended WPA
Kansas Senate approves permanent COVID-19 contact-tracing rules
House committee advances WPA with limited private right of action
What the CPPA’s appointments say about enforcement priorities, strategy
NYPL’s privacy leader on safeguarding patron trust, transparency
California names appointees to new privacy enforcement agency
What Virginia’s Consumer Data Protection Act means for your privacy program
What Virginia’s Consumer Data Protection Act means for your privacy program
Analyzing Virginia’s new privacy law with Odia Kagan
Facebook’s $650M BIPA settlement ‘a make-or-break moment’
Analyzing Virginia’s new privacy law with Odia Kagan
Challenge accepted: Initial Virginia CDPA reactions, considerations
Challenge accepted: Initial Virginia CDPA reactions, considerations
Virginia passes the Consumer Data Protection Act
Virginia passes the Consumer Data Protection Act
A conversation with Tenn. Attorney General Herbert Slatery
Minneapolis bans police use of facial recognition
Proposed opt-in law voted down by North Dakota committee
Minneapolis police file geofence warrant to identify protestors
Facial recognition bills proposed in Maryland, Alabama
Personal transit data protected from warrantless searches under Mass. law
FPF analysis alleges Fla. Sheriff’s Office violates student privacy
Breach of voter registration system exposes 113K Alaskan voters’ data
What is the California Privacy Protection Agency?
A conversation with Nev. Attorney General Aaron Ford
House Republicans seek details on VA data breach
Vt. Legislature passes facial recognition ban
Utah Student Data Privacy Guidebook
Ill. Attorney General Kwame Raoul on changes to state’s data breach law
Privacy pros underwhelmed by Texas privacy council’s report
Gov. Newsom signs bill on Calif. SSN privacy
Colo. law enforcement accessed DMV’s facial recognition software
Calif. passes genetic privacy bill
Michigan airport to use ‘smart helmets’
CDT — Responsible Technology Training Series for Education Practitioners
Arizona MVD sells Social Security numbers to private investigators
Mass. attorney general stands up Data Privacy, Security Division
Maine privacy law takes force despite legal challenges
NY legislature approves ban of facial recognition in schools through 2022
Man charged in Va. bank robbery challenges geofence warrant
NYC Council passes surveillance oversight bill
Judge approves $3.2M settlement in Ill. BIPA case
ND passes policy to protect student data privacy
Ariz. attorney general files lawsuit against Google over location tracking
IAPP PLS certification given specialty designation in Texas
NY’s SHIELD Act has taken effect — what does this mean for your business?
Ark., Okla. residents’ court, utility payment transactions exposed
Wash. facial-recognition bill signed into law
Ga. Department of Driver’s Services sharing data with ICE
Kentucky court rules police need warrant to ping cell phones
Data breach affects 654K Health Share of Oregon members
Md. Attorney General Brian Frosh talks future legislation
ND court suspends online document access following privacy concerns
Ga. Attorney General Chris Carr on breaches, federal law
Arizona court rules citizens have a right to online privacy from authorities without a warrant
Minnesota to recognize IAPP PLS certification
Nevada passes consumer opt-out bill
Vermont attorney general talks regulating data brokers, protecting consumers
Why are states making consumer data less secure?
Op-ed: Marketers should focus on state privacy laws over a federal rule
Changes on the horizon for North Carolina’s data breach notification law
US federal privacy preemption part 1: History of federal preemption of stricter state laws
Analysis: Ohio’s Data Protection Act
Wisconsin county suffers data breach affecting 258K citizens
Analysis: Vermont’s data broker regulation
Interview with Pennsylvania Attorney General Josh Shapiro
Missouri Senate passes bill to outlaw nonconsensual pornography
Massachusetts Senate passes data breach protection bill
Indiana attorney general talks black market, breaches and priorities
A Q&A with Kansas Attorney General Derek Schmidt
Delaware’s amended data breach notification law adds strict requirements
