US State Privacy


US State Privacy Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to state privacy in the United States. The IAPP Resource Center also includes US Federal Privacy and CCPA and CPRA topic pages.

United States Privacy Digest newsletter

Be in-the-know on US privacy news by subscribing to the US Privacy Digest newsletter.

Additional News and Resources

Defining ‘comprehensive’: Florida, Washington and the scope of state tracking

What does the Colorado AI Act mean for AI governance and policymaking?

US state AI governance bills: Reflecting on the 2024 cycle with a new resource

Unpacking the shift toward substantive data minimization rules in proposed legislation

PRA highlights novelties in Vermont’s comprehensive privacy bill

Enacted Federal Statutes with PRA

Colorado awaits fate of AI regulation bill

Major trends in US cybersecurity law and policy

Key Dates from US Comprehensive State Privacy Laws

Assessing ‘necessity’ under state health privacy laws

Framework debate shows as Kentucky nears comprehensive privacy law

Private-sector AI bill clears Utah Legislature

A look at proposed US state private sector AI legislation

Defining ‘comprehensive’: Florida, Washington and the scope of state tracking

Adverse event reporting and preparing for the next wave of privacy litigation

EPIC finds oversized tech influence on state privacy laws

Connecticut attorney general publishes report on Data Privacy Act

State lawmaker’s take on New Hampshire comprehensive privacy bill’s impacts

Nuances highlight New Jersey’s comprehensive privacy bill

Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement

CPPA releases initial automated decision-making rules proposal

CPPA’s draft automated decision-making rules unpacked

What’s next for US state-level AI legislation

My Health, My Data, My Class Action Lawsuit — Mitigating Healthcare Privacy Risk

The year that was in state data privacy

California Legislature passes Delete Act regulating data brokers

US states leverage existing models of privacy legislation

California privacy agency lays out vision for cybersecurity regulation

Montana attorney general backs TikTok privacy concerns

Addressing the duty of care in state privacy laws

U.S. privacy legislation in 2023: Something old, something new?

Connecticut takes a first stab at regulating government use of AI

Illinois federal judge overturns $228M damages award in first BIPA case

Practical considerations for bias audits under NYC Local Law 144

Texas latest to add comprehensive state privacy law

The ranging impacts of Florida’s Digital Bill of Rights

Key steps for meeting US state PIA obligations

DeSantis signs Florida’s Digital Bill of Rights

The ranging impacts of Florida’s Digital Bill of Rights

Utah drafting statewide privacy plan for state agencies

Montana governor signs bill banning TikTok

State privacy dispatch: Why the floodgates opened

Indiana governor signs a comprehensive privacy act into law

Complying with Colorado’s data protection assessment requirements

Illinois BIPA cases up 65% following Supreme Court decision

The sweeping scope of Washington’s My Health, My Data Act

Washington’s My Health, My Data Act

The expanding privacy partnership in New York City

How should mobile apps prepare for California’s privacy scrutiny?

UK and California age-appropriate design rules — Similar principles, subtle differences

Montana, Tennessee comprehensive privacy bills clear legislatures

Montana passes first statewide TikTok ban

Washington state on track to pass broad-based health data privacy law

Indiana poised to add to US state privacy law patchwork

Arkansas passes children’s social media bill

Iowa becomes sixth US state to enact comprehensive consumer privacy legislation

The rise of US state-level BIPA: Illinois leads, others catching up

Filling the void? The 2023 state privacy laws and consumer health data

Colorado Privacy Act regulations finalized

California legislative wrap-up: CCPA amendments, children’s privacy and more

Iowa set to finalize sixth US comprehensive state privacy law

State privacy prospects bring new paradigm in 2023

State AGs and Privacy in 2023: What Your Business Needs to Know

State privacy dispatch: How the 2023 landscape is materializing

Takeaways from Ohio court ruling on ransomware and insurance exclusions

Privacy operations to update in the first half of 2023 for California, Colorado regulations

Several Illinois BIPA lawsuits filed at the end of 2022

All things ‘California Privacy Law’ with Lothar Determann

2023 brings US state privacy law preparedness into focus

Attorney general drops revised Colorado Privacy Act draft rules

New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation

The Growth of State Privacy Legislation

New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation

2023 US State Data Protection Laws – A Summary of Opt-Out Rights and Preference Signal Requirements

State Attorneys General on privacy, cybersecurity, enforcement and legislation

California Age-Appropriate Design Code final passage brings mixed reviews

State data privacy legislation: Takeaways from 2022 and what to expect in 2023

Michigan Attorney General Nessel on strengthening consumer protections, right to privacy

BakerHostetler – US Breach Notification Law Interactive Map

Utah Supreme Court rules victims should be able to defend privacy rights

US State Data Breach Notification Law Matrix

Nevada Privacy Law Compliance Guide

Minnesota passes student privacy bill

US state privacy laws: What you need to know

Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more

Exceptions in new US state privacy laws leave data without security coverage

Connecticut enacts comprehensive consumer data privacy law

Maine Privacy Law Guide

Colorado Privacy Act Compliance Guide

Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date

Virginia governor signs VCDPA amendment bills

Colorado attorney general details his CPA enforcement priorities at IAPP GPS22

Data Privacy Protection: A Colorado Perspective

Utah’s privacy officer wants to train, certify 50 privacy, security specialists

Utah becomes fourth US state to enact comprehensive consumer privacy legislation

Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches

A state legislator’s perspective on data privacy legislation

Colorado – Data Security Best Practices

Unpacking Washington state’s cluster of comprehensive privacy bills

State attorneys general sue Google with ‘dark patterns’ claims

Status of the California Privacy Protection Agency’s work

Iowa launches digital driver’s license pilot program

Colorado Privacy Act Compliance Guide

Maryland names first-ever privacy, data officers

Recap of Virginia Consumer Data Protection Work Group

Bloomberg Law – Biometric Data Privacy Laws

North Dakota hires chief data officer

BIPA Legislation Introduced in 2021

NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government

Boston City Council must approve all surveillance tech, new ordinance says

NASCIO – State Chief Information Officer Surveys

NASCIO Report: State CIO use of the Cloud

Illinois court addresses statutes of limitations for BIPA claims

Data Privacy Issues in West Virginia: An Overview

Illinois enacts Protecting Household Privacy Act

Google, New Mexico reach settlement over children’s privacy claims

California attorney general issues guidance on health privacy law obligations

Member Spotlight: A conversation with Domingo DeGrazia

Ohio Attorney General Yost on state, federal privacy law, FTC and more

Ohio Lt. Governor Jon Husted discusses the state’s privacy bill

Maryland adds government CDO, CPO roles

California attorney general offers CCPA enforcement update, launches reporting tool

Update by the California attorney general could be a game-changer

NYC biometric law enters into force

Colorado Privacy Act becomes law

NYC biometric law enters into force

Maine passes statewide facial recognition ban

Vaccination records raising privacy concerns in California

Maryland, Montana pass laws on DNA use for criminal investigations

Law regulates drone use by Minnesota law enforcement

Opt-in vs. opt-out approaches to personal information processing

State Data Breach Notification Chart

‘States are where the action is’ on privacy legislation

Attorney General Tong on enforcement priorities, legislative landscape in Connecticut

Illinois Senate passes strengthened privacy protections for assault victims

The Washington Privacy Act goes 0 for 3

Research shows ‘massive amount’ of vehicle surveillance in California

New York DFS announces $3M breach settlement

16 states join Alabama in disputing Census use of differential privacy

House fails to pass WPA, bill sponsor says it ‘remains alive’

Whittled Florida privacy bill moves forward

House Appropriations Committee passes amended WPA

Kansas Senate approves permanent COVID-19 contact-tracing rules

House committee advances WPA with limited private right of action

What the CPPA’s appointments say about enforcement priorities, strategy

NYPL’s privacy leader on safeguarding patron trust, transparency

California names appointees to new privacy enforcement agency

What Virginia’s Consumer Data Protection Act means for your privacy program

What Virginia’s Consumer Data Protection Act means for your privacy program

Analyzing Virginia’s new privacy law with Odia Kagan

Facebook’s $650M BIPA settlement ‘a make-or-break moment’

Analyzing Virginia’s new privacy law with Odia Kagan

Challenge accepted: Initial Virginia CDPA reactions, considerations

Challenge accepted: Initial Virginia CDPA reactions, considerations

Virginia passes the Consumer Data Protection Act

Virginia passes the Consumer Data Protection Act

A conversation with Tenn. Attorney General Herbert Slatery

Minneapolis bans police use of facial recognition

Proposed opt-in law voted down by North Dakota committee

Minneapolis police file geofence warrant to identify protestors

Facial recognition bills proposed in Maryland, Alabama

Personal transit data protected from warrantless searches under Mass. law

FPF analysis alleges Fla. Sheriff’s Office violates student privacy

Breach of voter registration system exposes 113K Alaskan voters’ data

What is the California Privacy Protection Agency?

A conversation with Nev. Attorney General Aaron Ford

House Republicans seek details on VA data breach

Vt. Legislature passes facial recognition ban

Utah Student Data Privacy Guidebook

Ill. Attorney General Kwame Raoul on changes to state’s data breach law

Privacy pros underwhelmed by Texas privacy council’s report

Gov. Newsom signs bill on Calif. SSN privacy

Colo. law enforcement accessed DMV’s facial recognition software

Calif. passes genetic privacy bill

Michigan airport to use ‘smart helmets’

CDT — Responsible Technology Training Series for Education Practitioners

Arizona MVD sells Social Security numbers to private investigators

Mass. attorney general stands up Data Privacy, Security Division

Maine privacy law takes force despite legal challenges

NY legislature approves ban of facial recognition in schools through 2022

Va. expands COVID-19 database

Man charged in Va. bank robbery challenges geofence warrant

NYC Council passes surveillance oversight bill

Judge approves $3.2M settlement in Ill. BIPA case

ND passes policy to protect student data privacy

Ariz. attorney general files lawsuit against Google over location tracking

IAPP PLS certification given specialty designation in Texas

NY’s SHIELD Act has taken effect — what does this mean for your business?

Ark., Okla. residents’ court, utility payment transactions exposed

Wash. facial-recognition bill signed into law

Ga. Department of Driver’s Services sharing data with ICE

Kentucky court rules police need warrant to ping cell phones

Data breach affects 654K Health Share of Oregon members

Md. Attorney General Brian Frosh talks future legislation

ND court suspends online document access following privacy concerns

Ga. Attorney General Chris Carr on breaches, federal law

Arizona court rules citizens have a right to online privacy from authorities without a warrant

Minnesota to recognize IAPP PLS certification

Nevada passes consumer opt-out bill

Vermont attorney general talks regulating data brokers, protecting consumers

Why are states making consumer data less secure?

Op-ed: Marketers should focus on state privacy laws over a federal rule

Changes on the horizon for North Carolina’s data breach notification law

US federal privacy preemption part 1: History of federal preemption of stricter state laws

Analysis: Ohio’s Data Protection Act

Wisconsin county suffers data breach affecting 258K citizens

Analysis: Vermont’s data broker regulation

Interview with Pennsylvania Attorney General Josh Shapiro

Missouri Senate passes bill to outlaw nonconsensual pornography

Massachusetts Senate passes data breach protection bill

Indiana attorney general talks black market, breaches and priorities

A Q&A with Kansas Attorney General Derek Schmidt

Delaware’s amended data breach notification law adds strict requirements