US State Privacy Legislation Tracker

This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More

BIPA Legislation Introduced in 2021

The Illinois Biometric Information Privacy Act is the first comprehensive biometric privacy statute in the US. BIPA litigation has significantly increased, and the IAPP will continue to monitor further developments and update this tracker as there is new activity.
Read More

CCPA and CPRA
Topic Page

This topic page contains resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Read More

---

Here you can find privacy news and resources sorted by state, in addition to the status of comprehensive state privacy legislation that has been passed, proposed or recently failed.

The IAPP Westin Research Center has been periodically updating its “US State Privacy Legislation Tracker,” which tracks proposed and enacted comprehensive privacy bills from across the country to aid our members’ efforts to stay abreast of the changing state-privacy landscape.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NE, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

News and Resources

• 16 states join Alabama in disputing Census use of differential privacy
  (April 2021)
• Facial recognition bills proposed in Maryland, Alabama
  (February 2021)
• Alabama’s Crimson Tide loyalty app raises privacy concerns
  (September 2019)
• Alabama approves PLS certification
  (December 2018)
• Alabama opens cybersecurity operations center
  (October 2018)

---

Active Bills

Statute/Bill: HB 159 (click to view)
Common Name: Consumer Data Privacy Act

---

Statute/Bill: SB 116 (click to view)
Common Name: Consumer Data Privacy Act

---

News and Resources

• Breach of voter registration system exposes 113K Alaskan voters’ data
  (December 2020)
  
• Computer monitoring raises privacy concerns in Alaskan school
  (October 2019)
  

---

News and Resources

• Member Spotlight: A conversation with Domingo DeGrazia
  (August 2021)
  
• Arizona MVD sells Social Security numbers to private investigators
  (August 2020)
  
• Ariz. attorney general files lawsuit against Google over location tracking
  (May 2020)
  
• Arizona court rules citizens have a right to online privacy from authorities without a warrant
  (July 2019)
  
• Arizona attorney general to investigate Google’s location-tracking practices
  (September 2018)
  

---

News and Resources

• Ark., Okla. residents’ court, utility payment transactions exposed
  (April 2020)
  
• Arkansas hires first CPO
  (June 2018)
  

---

Passed Laws

California Consumer Privacy Act of 2018
• Click to view HTML version on IAPP website
• Click to view on CA Legislative website

---

California Privacy Rights Act (Enters into force January 2023.)
• View Ballot Initiative (PDF)
• Click to view HTML version on IAPP website

---

CCPA and CPRA Topic Page

This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Click to View

---

News and Resources

The news and resources below are relevant to privacy in California outside of the CCPA and CPRA.

• Status of the California Privacy Protection Agency’s work
  (December 2021)
• California attorney general issues guidance on health privacy law obligations
  (August 2021)
  
• Update by the California attorney general could be a game-changer
  (July 2021)
• Vaccination records raising privacy concerns in California
  (June 2021)
• Research shows ‘massive amount’ of vehicle surveillance in California
  (April 2021)

---

Passed Laws

Colorado Privacy Act
• Click to view on CO Legislative website

---

News and Resources

• Colorado Privacy Act Compliance Guide
  (November 2021)
• Comparison of Comprehensive Data Privacy Laws in Virginia and California
  (July 2021)
• Colorado Privacy Act becomes law
  (July 2021)
• Colorado Privacy Act passes, professionals ponder effects
  (June 2021)
  
• Colo. lawmakers to introduce bill on sharing data for immigration enforcement
  (February 2021)
  

---

News and Resources

• Connecticut gov. signs cybersecurity law
  (July 2021)
• Connecticut’s late, unique press for privacy law falls short
  (June 2021)
• Attorney General Tong on enforcement priorities, legislative landscape in Connecticut
  (April 2021)
• Connecticut Supreme Court rules in favor of patient privacy
  (January 2018)
  
• Q&A: Connecticut AG Talks Privacy Enforcement, Collaboration with the FTC
  (August 2014)

---

News and Resources

• Delaware’s amended data breach notification law adds strict requirements
  (August 2017)
  
• Delaware Reader Privacy Law Takes Effect January 1
  (August 2015)
  

---

Active Bills

Statute/Bill: SB 1864 (click to view)
Common Name: Florida Privacy Protection Act

---

Statute/Bill: HB 9 (click to view)

---

News and Resources

• Florida House privacy bill keeps momentum
  (April 2021)
• Whittled Florida privacy bill moves forward
  (April 2021)
  
• Rep. calls for investigation into school data program in Fla.
  (January 2021)
  
• FPF analysis alleges Fla. Sheriff’s Office violates student privacy
  (December 2020)
  
• FSU students say online exam software violates privacy rights
  (March 2020)
  

---

News and Resources

• Ga. Department of Driver’s Services sharing data with ICE
  (March 2020)
  
• Ga. Attorney General Chris Carr on breaches, federal law
  (October 2019)
  

---

News and Resources

• Bill addresses privacy protections for Hawaiian employees, students
  (March 2020)
  
• Ad industry pushes back on Hawaii privacy bill
  (February 2020)
  
• Location privacy bill sits on Hawaiian governor’s desk
  (June 2019)
  

---

News and Resources

• Idaho AG Talks Breach Notification, His Role as Privacy Enforcer
  (October 2014)
  
• Idaho Passes Drone Privacy Law
  (April 2013)
  
• Companies Hesitant To Notify, Breach at Idaho Healthcare Firm
  (August 2014)
  

---

News and Resources

• BIPA Legislation Introduced in 2021
  (October 2021)
• Illinois court addresses statutes of limitations for BIPA claims
  (September 2021)
• Illinois enacts Protecting Household Privacy Act
  (August 2021)
• Facebook’s $650M BIPA settlement ‘a make-or-break moment’
  (April 2021)
  
• Ill. law boosts student data protections
  (April 2021)

---

Active Bills

Statute/Bill: HB 1261 (click to view)

---

News and Resources

• Indiana CPO breaks down state’s COVID-19 privacy preparedness
  (October 2020)
  
• Indiana attorney general proposes safe harbor rule to protect against cyberattacks
  (September 2020)
  
• Indiana attorney general talks black market, breaches and priorities
  (March 2018)
  
• Indiana medical records service reaches $100K settlement over HIPAA violations
  (May 2019)
  
• Forced smartphone entry up for debate in Indiana
  (April 2019)
  

---

News and Resources

• Iowa launches digital driver’s license pilot program
  (December 2021)
• Iowa introduces new breach notification bill
  (January 2018)
  

---

News and Resources

• Kansas Senate approves permanent COVID-19 contact-tracing rules
  (April 2021)
  
• A Q&A with Kansas Attorney General Derek Schmidt
  (September 2017)
  
• Kansas Secretary of State’s website removed database containing PII
  (January 2018)

---

News and Resources

• Kentucky court rules police need warrant to ping cell phones
  (February 2020)
  
• Kentucky’s attorney general proposes stronger data breach legislation
  (September 2017)
  
• Kentucky Supreme Court to weigh privacy concerns with license plate readers
  (March 2017)
  

---

News and Resources

• Florida and Louisiana Get New Laws; CNIL Gets New Powers
  (June 2014)

---

News and Resources

• Maine passes statewide facial recognition ban
  (July 2021)
  
• Maine privacy law takes force despite legal challenges
  (August 2020)
• Op-ed: Maine privacy law could ‘spark’ other states
  (July 2020)
  
• Judge turns down majority of challenge to Maine’s privacy law
  (July 2020)
  
• Comparing Maine and Nevada’s new privacy laws with the CCPA
  (June 2019)
  

---

Active Bills

Statute/Bill: SB 0011 (click to view)
Common Name: Maryland Online Consumer Protection Act

---

News and Resources

• Maryland names first-ever privacy, data officers
  (November 2021)
• Maryland adds government CDO, CPO roles
  (August 2021)
  
• Maryland, Montana pass laws on DNA use for criminal investigations
  (June 2021)
• Facial recognition bills proposed in Maryland, Alabama
  (February 2021)
  
• Md. Attorney General Brian Frosh talks future legislation
  (January 2020)
  

---

Active Bills

Statute/Bill: SD 1726 (click to view)
Common Name: Massachusetts Information Privacy Act

---

News and Resources

• Massachusetts governor considers vaccine passport requirements
  (November 2021)
• Boston City Council must approve all surveillance tech, new ordinance says
  (October 2021)
• Personal transit data protected from warrantless searches under Mass. law
  (January 2021)
  
• Mass. governor opposes facial recognition moratorium in police reform bill
  (December 2020)
  
• Mass. ballot initiative raises questions around vehicle data access
  (November 2020)
  

---

News and Resources

• Encrypted police app prompts call for change from Michigan lawmakers
  (February 2021)
  
• Michigan airport to use ‘smart helmets’
  (September 2020)
  
• Mich. introduces bill prohibiting facial-recognition use by police
  (May 2019)
  
• Up to 1.87M workers’ data breached from Michigan unemployment system
  (February 2017)
  

---

Active Bills

Statute/Bill: HF 1492 (click to view)
Common Name: Minnesota Consumer Data Privacy Act

---

News and Resources

• Law regulates drone use by Minnesota law enforcement
  (May 2021)
• Minneapolis bans police use of facial recognition
  (February 2021)
  
• Minneapolis police file geofence warrant to identify protestors
  (March 2021)
  
• Addresses of COVID-19 patients exposed in Minn.
  (September 2020)
  
• Minn. hospitals hit by data breach
  (September 2020)

---

News and Resources

• Mississippi AG: Best To Notify Us Quickly of A Breach
  (June 2015)
  
• Google must face Mississippi privacy lawsuit
  (August 2018)

---

News and Resources

• Missouri Senate passes bill to outlaw nonconsensual pornography
  (May 2018)
  
• Missouri governor indicted on privacy invasion charges
  (October 2018)
  

---

News and Resources

• Maryland, Montana pass laws on DNA use for criminal investigations
  (June 2021)
• Health care data breach affects 130K Montana patients
  (October 2019)
  
• Court rules against Montana’s ban on political robocalls
  (September 2019)
  

---

News and Resources

• Neb. latest state to take up privacy legislation
  (January 2020)
  

---

News and Resources

• Nevada Privacy Law Compliance Guide
  (June 2021)
  
• A conversation with Nev. Attorney General Aaron Ford
  (October 2020)
  
• Nev. teachers worried about students’ privacy during online learning
  (August 2020)
  
• Are you prepped to comply with Nevada’s opt-out law?
  (November 2019)
  
• Nevada passes consumer opt-out bill
  (June 2019)
  

---

News and Resources

• NH Legislature considering privacy bill
  (February 2020)
  
• NH Senate rejects biometric information bill
  (January 2020)
  

---

Active Bills

Statute/Bill: A 505 (click to view)
Common Name: New Jersey Disclosure and Accountability Transparency Act

---

Statute/Bill: S 332 (click to view)

---

News and Resources

• NJ gov.: Health data kept secure during contact tracing
  (June 2020)
  
• N.J. lawmakers propose data privacy bill
  (February 2020)
  
• New Jersey’s community surveillance provides live feed
  (May 2018)
  
• Judges rule New Jersey police can examine social media posts without order
  (February 2017)
  

---

News and Resources

• Google, New Mexico reach settlement over children’s privacy claims
  (August 2021)
  
• Attorney general asks appeals court to review NM COPPA lawsuit
  (March 2021)
  
• New Mexico AG alleges Google violated COPPA
  (February 2020)
  
• New Mexico governor inks data breach notification law
  (April 2017)
  

---

Active Bills

Statute/Bill: A 680b (click to view)
Common Name: New York Privacy Act

---

Statute/Bill: S 6701a (click to view)
Common Name: New York Privacy Act

---

Statute/Bill: A 6042 (click to view)
Common Name: Digital Fairness Act

---

Statute/Bill: SB 567 (click to view)

---

News and Resources

• NYC biometric law enters into force
  (July 2021)
• New York DFS announces $3M breach settlement
  (April 2021)
• NYPL’s privacy leader on safeguarding patron trust, transparency
  (March 2021)
  
• NY investigation finds Facebook did not prevent sharing of sensitive user data
  (February 2021)
  
• NY financial regulator charges insurance company over 2019 breach
  (July 2020)

---

Active Bills

Statute/Bill: SB 569 (click to view)
Common Name: Consumer Privacy Act

---

News and Resources

• Changes on the horizon for North Carolina’s data breach notification law
  (January 2019)
  

---

News and Resources

• North Dakota hires chief data officer
  (October 2021)
• Proposed opt-in law voted down by North Dakota committee
  (March 2021)
  
• ND passes policy to protect student data privacy
  (June 2020)
  
• ND court suspends online document access following privacy concerns
  (January 2020)
  

---

Active Bills

Statute/Bill: HB 376 (click to view)
Common Name: Ohio Personal Privacy Act

---

News and Resources

• Ohio Attorney General Yost on state, federal privacy law, FTC and more
  (August 2021)
  
• Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
  (August 2021)
  
• Lawmakers introduce Ohio Personal Privacy Act
  (July 2021)
• Ohio Supreme Court seeks public comment on privacy law specialization
  (December 2020)
  
• Analysis: Ohio’s Data Protection Act
  (October 2018)

---

News and Resources

• Oklahoma PD proposes crime center with surveillance cameras
  (July 2021)
• Oklahoma House passes privacy legislation
  (March 2021)
  
• Okla. to study internet data privacy
  (July 2020)
  
• Ark., Okla. residents’ court, utility payment transactions exposed
  (April 2020)
  
• Oklahoma Department of Securities sued over data breach
  (March 2020)

---

News and Resources

• COVID-19-related data focus of lawsuit against Google, Oregon bill
  (April 2021)
• Oregon lawmakers introduce privacy bill for state government’s IT department
  (April 2021)
  
• Oregon passes bill requiring online companies to adhere to their own privacy policies
  (May 2017)
  
• New Oregon data breach notification measure signed into law
  (March 2018)
  
• Data breach affects 654K Health Share of Oregon members
  (February 2020)
  

---

Active Bills

Statute/Bill: HB 1126 (click to view)

---

News and Resources

• Pa. to release contact-tracing app, lawmakers state privacy concerns
  (September 2020)
  
• Pa. city considers ban on facial recognition technology
  (August 2020)
  
• Interview with Pennsylvania Attorney General Josh Shapiro
  (May 2018)
  
• Pennsylvania Supreme Court: Employers have legal duty to protect employee data
  (December 2018)
  

---

News and Resources

• Rhode Island lawmaker proposes data transparency and protection act
  (January 2018)
  

---

News and Resources

• New cybersecurity rules take effect in South Carolina
  (January 2019)
  

---

News and Resources

• South Dakota Senate committee passes data breach notification bill
  (January 2018)
  

---

News and Resources

• A conversation with Tenn. Attorney General Herbert Slatery
  (February 2021)
  
• Tenn. department sells data of 7.2M drivers
  (February 2020)
  
• Clash over student data in Tennessee
  (August 2017)
• Tennessee law first to require notification regardless of information encryption status
  (March 2016)

---

News and Resources

• HHS waives HIPAA penalties in Texas
  (February 2021)
  
• Privacy pros underwhelmed by Texas privacy council’s report
  (September 2020)
  
• Advertising associations urge Texas Legislature to reject opt-in consent proposals
  (August 2020)
  
• Texas attorney general investigating Facebook’s biometric data practices
  (July 2020)
  
• IAPP PLS certification given specialty designation in Texas
  (May 2020)
  

---

News and Resources

• Utah gov. appoints state’s first Department of Government Operations privacy officer
  (July 2021)
• Utah passes government privacy bill
  (March 2021)
  
• Utah privacy bill falls short in Senate
  (March 2021)
  
• Utah Student Data Privacy Guidebook
  (October 2020)
  
• New Utah Department of Public Safety policies regulate facial recognition
  (September 2020)

---

News and Resources

• Vt. attorney general seeks change to facial recognition ban
  (February 2021)
  
• Vt. Legislature passes facial recognition ban
  (October 2020)
  
• Court rules Vt. suit against Clearview AI can proceed
  (September 2020)
  
• Vt. attorney general publishes data breach law guidance
  (July 2020)
  
• Vermont attorney general talks regulating data brokers, protecting consumers
  (April 2019)
  

---

Passed Laws

Consumer Data Protection Act
• Click to view the Code of Virginia
• Click to view on VA Legislative website 

---

News and Resources

• Comparison of Comprehensive Data Privacy Laws in Virginia and California
• Recap of Virginia Consumer Data Protection Work Group
  (November 2021)
• What Virginia’s Consumer Data Protection Act means for your privacy program
  (March 2021)
  
• Analyzing Virginia’s new privacy law with Odia Kagan
  (March 2021)
  
• Challenge accepted: Initial Virginia CDPA reactions, considerations
  (March 2021)
  

---

Active Bills

Statute/Bill: HB 1433 (click to view)
Common Name: People’s Privacy Act

---

Statute/Bill: SB 5062 (click to view)
Common Name: Washington Privacy Act

---

Statute/Bill: HB 1850 (click to view)
Common Name: Washington Foundational Data Privacy Act

---

Statute/Bill: SB 5813 (click to view)

---

News and Resources

• Washington data breaches rose 500% in 2021
  (November 2021)
• The Washington Privacy Act goes 0 for 3
  (April 2021)
• House Appropriations Committee passes amended WPA
  (April 2021)
  
• House committee advances WPA with limited private right of action
  (March 2021)
  
• WPA enforcement key topic during Wash. senate hearing
  (February 2021)

---

News and Resources

• Data Privacy Issues in West Virginia: An Overview
  (September 2021)
  

---

News and Resources

• Wisconsin biotech company helping businesses manage employee vaccine data
  (September 2021)
• Wis. Supreme Court asked to consider police recovery of cell data
  (October 2020)
  
• Lawmaker proposes Wisconsin Data Privacy Act
  (January 2020)
  
• Wisconsin county suffers data breach affecting 258K citizens
  (August 2018)
  

---

News and Resources

• Wyoming introduces bill to clarify patient privacy
  (February 2019)
  

---