US State Privacy Legislation Tracker

This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More

US State Privacy Laws Report

This report analyzes similarities and differences, relevant terms, applicability, exemptions, consumer rights, business obligations and enforcement duties for each of the enacted U.S. comprehensive state privacy laws.
Read More

CCPA and CPRA
Topic Page

This topic page contains resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Read More

---

Here you can find privacy news and resources sorted by state. To track the status of privacy legislation by state, view the IAPP’s “US State Privacy Legislation Tracker,” which helps aid our users’ efforts to stay abreast of the changing state-privacy landscape.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

---

Alabama

• 16 states join Alabama in disputing Census use of differential privacy
  (April 2021)
• Facial recognition bills proposed in Maryland, Alabama
  (February 2021)
• Alabama’s Crimson Tide loyalty app raises privacy concerns
  (September 2019)
• Alabama approves PLS certification
  (December 2018)
• Alabama opens cybersecurity operations center
  (October 2018)

---

Alaska

• Breach of voter registration system exposes 113K Alaskan voters’ data
  (December 2020)
  
• Computer monitoring raises privacy concerns in Alaskan school
  (October 2019)
  

---

Arizona

• Member Spotlight: A conversation with Domingo DeGrazia
  (August 2021)
  
• Arizona MVD sells Social Security numbers to private investigators
  (August 2020)
  
• Ariz. attorney general files lawsuit against Google over location tracking
  (May 2020)
  
• Arizona court rules citizens have a right to online privacy from authorities without a warrant
  (July 2019)
  
• Arizona attorney general to investigate Google’s location-tracking practices
  (September 2018)
  

---

Arkansas

• Arkansas passes children’s social media bill
  (April 2023)
• Ark., Okla. residents’ court, utility payment transactions exposed
  (April 2020)
  
• Arkansas hires first CPO
  (June 2018)
  

---

California

The news and resources below are relevant to privacy in California outside of the California Consumer Privacy Act and California Privacy Rights Act. The IAPP Resource Center hosts a separate topic page, “CCPA and CPRA,” which contains a curation of the IAPP’s coverage, analysis and relevant resources covering the CCPA and CPRA.
Click To View

• How should mobile apps prepare for California’s privacy scrutiny?
  (April 2023)
• UK and California age-appropriate design rules — Similar principles, subtle differences
  (April 2023)
• California Age-Appropriate Design Code final passage brings mixed reviews
  (August 2022)
• Status of the California Privacy Protection Agency’s work
  (December 2021)
• California attorney general issues guidance on health privacy law obligations
  (August 2021)

---

Colorado

• Colorado Privacy Act Compliance Guide
  (May 2022)
• Colorado Privacy Act regulations finalized
  (March 2023)
• Attorney general drops revised Colorado Privacy Act draft rules
  (January 2023)
• Colorado attorney general details his CPA enforcement priorities at IAPP GPS22
  (April 2022)
• Data Privacy Protection: A Colorado Perspective
  (April 2022)

---

Connecticut

• Connecticut enacts comprehensive consumer data privacy law
  (May 2022)
• Connecticut gov. signs cybersecurity law
  (July 2021)
• Connecticut’s late, unique press for privacy law falls short
  (June 2021)
• Attorney General Tong on enforcement priorities, legislative landscape in Connecticut
  (April 2021)
• Q&A: Connecticut AG Talks Privacy Enforcement, Collaboration with the FTC
  (August 2014)

---

Delaware

• Delaware’s amended data breach notification law adds strict requirements
  (August 2017)
  

---

Florida

• Florida privacy bill maintains PRA ahead of House floor vote
  (February 2022)
• Rep. calls for investigation into school data program in Fla.
  (January 2021)
  
• FPF analysis alleges Fla. Sheriff’s Office violates student privacy
  (December 2020)
  
• FSU students say online exam software violates privacy rights
  (March 2020)
  
• Location tracker led to suspected burglary for Fla. man
  (March 2020)

---

Georgia

• Ga. Department of Driver’s Services sharing data with ICE
  (March 2020)
  
• Ga. Attorney General Chris Carr on breaches, federal law
  (October 2019)
  

---

Hawaii

• Hawaii Legislature considers privacy bills
  (January 2022)

---

Idaho

• Idaho AG Talks Breach Notification, His Role as Privacy Enforcer
  (October 2014)
  
• Idaho Passes Drone Privacy Law
  (April 2013)
  
• Companies Hesitant To Notify, Breach at Idaho Healthcare Firm
  (August 2014)
  

---

Illinois

• The rise of US state-level BIPA: Illinois leads, others catching up
  (March 2023)
• Several Illinois BIPA lawsuits filed at the end of 2022
  (January 2023)
• BIPA Legislation Introduced in 2021
  (October 2021)
• Illinois court addresses statutes of limitations for BIPA claims
  (September 2021)
• Illinois enacts Protecting Household Privacy Act
  (August 2021)

---

Indiana

• Indiana poised to add to US state privacy law patchwork
  (April 2023)
• Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more
  (May 2022)
• Flip and move: Amended Indiana privacy bill clears Senate committee
  (February 2022)
• Indiana CPO breaks down state’s COVID-19 privacy preparedness
  (October 2020)
  
• Indiana attorney general talks black market, breaches and priorities
  (March 2018)

---

Iowa

• Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
  (March 2023)
• Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches
  (March 2022)
• Iowa launches digital driver’s license pilot program
  (December 2021)
  

---

Kansas

• Kansas Senate approves permanent COVID-19 contact-tracing rules
  (April 2021)
  
• A Q&A with Kansas Attorney General Derek Schmidt
  (September 2017)
  
• Kansas Secretary of State’s website removed database containing PII
  (January 2018)

---

Kentucky

• Kentucky court rules police need warrant to ping cell phones
  (February 2020)
  

---

Maine

• Maine Privacy Law Guide
  (May 2022)
• Maine passes statewide facial recognition ban
  (July 2021)
  
• Maine privacy law takes force despite legal challenges
  (August 2020)
• Comparing Maine and Nevada’s new privacy laws with the CCPA
  (June 2019)

---

Maryland

• Maryland names first-ever privacy, data officers
  (November 2021)
• Maryland adds government CDO, CPO roles
  (August 2021)
  
• Maryland, Montana pass laws on DNA use for criminal investigations
  (June 2021)
• Facial recognition bills proposed in Maryland, Alabama
  (February 2021)
  
• Md. Attorney General Brian Frosh talks future legislation
  (January 2020)
  

---

Massachusetts

• Massachusetts governor considers vaccine passport requirements
  (November 2021)
• Boston City Council must approve all surveillance tech, new ordinance says
  (October 2021)
• Personal transit data protected from warrantless searches under Mass. law
  (January 2021)
  
• Mass. governor opposes facial recognition moratorium in police reform bill
  (December 2020)
  
• Mass. attorney general stands up Data Privacy, Security Division
  (August 2020)

---

Michigan

• Michigan Attorney General Nessel on strengthening consumer protections, right to privacy
  (August 2022)
• Encrypted police app prompts call for change from Michigan lawmakers
  (February 2021)
  
• Michigan airport to use ‘smart helmets’
  (September 2020)

---

Minnesota

• Minnesota passes student privacy bill
  (June 2022)
• Law regulates drone use by Minnesota law enforcement
  (May 2021)
• Minneapolis bans police use of facial recognition
  (February 2021)
  
• Minneapolis police file geofence warrant to identify protestors
  (March 2021)
  
• Addresses of COVID-19 patients exposed in Minn.
  (September 2020)

---

Mississippi

• Google must face Mississippi privacy lawsuit
  (August 2018)

---

Missouri

• Missouri Senate passes bill to outlaw nonconsensual pornography
  (May 2018)
  
• Missouri governor indicted on privacy invasion charges
  (October 2018)
  

---

Montana

• Montana, Tennessee comprehensive privacy bills clear legislatures
  (April 2023)
• Montana passes first statewide TikTok ban
  (April 2023)
• Maryland, Montana pass laws on DNA use for criminal investigations
  (June 2021)
• Health care data breach affects 130K Montana patients
  (October 2019)
  
• Court rules against Montana’s ban on political robocalls
  (September 2019)
  

---

Nevada

• Nevada Privacy Law Compliance Guide
  (June 2022)
  
• A conversation with Nev. Attorney General Aaron Ford
  (October 2020)
  
• Nev. teachers worried about students’ privacy during online learning
  (August 2020)
  
• Are you prepped to comply with Nevada’s opt-out law?
  (November 2019)
  
• Nevada passes consumer opt-out bill
  (June 2019)
  

---

New Hampshire

• NH Legislature considering privacy bill
  (February 2020)
  
• NH Senate rejects biometric information bill
  (January 2020)
  

---

New Jersey

• NJ gov.: Health data kept secure during contact tracing
  (June 2020)
  
• N.J. lawmakers propose data privacy bill
  (February 2020)
  

---

New Mexico

• Google, New Mexico reach settlement over children’s privacy claims
  (August 2021)
  
• New Mexico AG alleges Google violated COPPA
  (February 2020)
  
• New Mexico governor inks data breach notification law
  (April 2017)
  

---

New York

• The expanding privacy partnership in New York City
  (April 2023)
• NY attorney general publishes data security guide for businesses
  (April 2023)
• New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation
  (September 2022)
• NYC biometric law enters into force
  (July 2021)
• New York DFS announces $3M breach settlement
  (April 2021)

---

North Carolina

• Changes on the horizon for North Carolina’s data breach notification law
  (January 2019)
  

---

North Dakota

• North Dakota hires chief data officer
  (October 2021)
• Proposed opt-in law voted down by North Dakota committee
  (March 2021)
  
• ND passes policy to protect student data privacy
  (June 2020)
  
• ND court suspends online document access following privacy concerns
  (January 2020)
  

---

Ohio

• Takeaways from Ohio court ruling on ransomware and insurance exclusions
  (February 2023)
• Ohio Attorney General Yost on state, federal privacy law, FTC and more
  (August 2021)
  
• Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
  (August 2021)
• Ohio Supreme Court seeks public comment on privacy law specialization
  (December 2020)
  
• Ohio’s data breach law offers safe harbor for certain incidents
  (November 2018)

---

Oklahoma

• A state legislator’s perspective on data privacy legislation
  (March 2022)
• Oklahoma PD proposes crime center with surveillance cameras
  (July 2021)
  
• Okla. to study internet data privacy
  (July 2020)
  
• Ark., Okla. residents’ court, utility payment transactions exposed
  (April 2020)
  
• Oklahoma Department of Securities sued over data breach
  (March 2020)

---

Oregon

• COVID-19-related data focus of lawsuit against Google, Oregon bill
  (April 2021)
• Data breach affects 654K Health Share of Oregon members
  (February 2020)
  

---

Pennsylvania

• Pa. to release contact-tracing app, lawmakers state privacy concerns
  (September 2020)
  
• Pa. city considers ban on facial recognition technology
  (August 2020)
  
• Interview with Pennsylvania Attorney General Josh Shapiro
  (May 2018)
  
• Pennsylvania Supreme Court: Employers have legal duty to protect employee data
  (December 2018)
  

---

Rhode Island

• Rhode Island lawmaker proposes data transparency and protection act
  (January 2018)
  

---

South Carolina

• New cybersecurity rules take effect in South Carolina
  (January 2019)
  

---

South Dakota

• South Dakota Senate committee passes data breach notification bill
  (January 2018)
  

---

Tennessee

• Montana, Tennessee comprehensive privacy bills clear legislatures
  (April 2023)
• A conversation with Tenn. Attorney General Herbert Slatery
  (February 2021)
  
• Tenn. department sells data of 7.2M drivers
  (February 2020)
• Tennessee law first to require notification regardless of information encryption status
  (March 2016)

---

Texas

• HHS waives HIPAA penalties in Texas
  (February 2021)
  
• Privacy pros underwhelmed by Texas privacy council’s report
  (September 2020)
  
• Advertising associations urge Texas Legislature to reject opt-in consent proposals
  (August 2020)
  
• Texas attorney general investigating Facebook’s biometric data practices
  (July 2020)
  
• IAPP PLS certification given specialty designation in Texas
  (May 2020)
  

---

Utah

• Utah Supreme Court rules victims should be able to defend privacy rights
  (June 2022)
• Utah’s privacy officer wants to train, certify 50 privacy, security specialists
  (April 2022)
• Utah on the cusp of US’s latest comprehensive state privacy law
  (March 2022)
• Utah gov. appoints state’s first Department of Government Operations privacy officer
  (July 2021)
• Utah passes government privacy bill
  (March 2021)

---

Vermont

• Vt. attorney general seeks change to facial recognition ban
  (February 2021)
  
• Vt. Legislature passes facial recognition ban
  (October 2020)
  
• Court rules Vt. suit against Clearview AI can proceed
  (September 2020)
  
• Vt. attorney general publishes data breach law guidance
  (July 2020)
  
• Vermont attorney general talks regulating data brokers, protecting consumers
  (April 2019)
  

---

Virginia

• Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
  (April 2022)
• Comparison of Comprehensive Data Privacy Laws in Virginia and California
• Virginia governor signs VCDPA amendment bills
  (April 2022)
• Recap of Virginia Consumer Data Protection Work Group
  (November 2021)
• What Virginia’s Consumer Data Protection Act means for your privacy program
  (March 2021)
  

---

Washington

• Washington’s My Health, My Data Act
  (April 2023)
• Washington state on track to pass broad-based health data privacy law
  (April 2023)
• Washington data breaches rose 500% in 2021
  (November 2021)
• The Washington Privacy Act goes 0 for 3
  (April 2021)
• WPA enforcement key topic during Wash. senate hearing
  (February 2021)

---

West Virginia

• Data Privacy Issues in West Virginia: An Overview
  (September 2021)
  

---

Wisconsin

• Wisconsin biotech company helping businesses manage employee vaccine data
  (September 2021)
• Wis. Supreme Court asked to consider police recovery of cell data
  (October 2020)
  
• Wisconsin county suffers data breach affecting 258K citizens
  (August 2018)
  

---

Wyoming

• Wyoming introduces bill to clarify patient privacy
  (February 2019)
  

---