US State Privacy

Image

US State Privacy Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to state privacy in the United States. The IAPP Resource Center also includes US Federal Privacy and CCPA and CPRA topic pages.


United States Privacy Digest newsletter

Be in-the-know on US privacy news by subscribing to the US Privacy Digest newsletter.

Additional News and Resources

Defining ‘comprehensive’: Florida, Washington and the scope of state tracking


What does the Colorado AI Act mean for AI governance and policymaking?


US state AI governance bills: Reflecting on the 2024 cycle with a new resource


Unpacking the shift toward substantive data minimization rules in proposed legislation


PRA highlights novelties in Vermont’s comprehensive privacy bill


Enacted Federal Statutes with PRA


Colorado awaits fate of AI regulation bill


Major trends in US cybersecurity law and policy


Key Dates from US Comprehensive State Privacy Laws


Assessing ‘necessity’ under state health privacy laws


Framework debate shows as Kentucky nears comprehensive privacy law


Private-sector AI bill clears Utah Legislature


A look at proposed US state private sector AI legislation


Defining ‘comprehensive’: Florida, Washington and the scope of state tracking


Adverse event reporting and preparing for the next wave of privacy litigation


EPIC finds oversized tech influence on state privacy laws


Connecticut attorney general publishes report on Data Privacy Act


State lawmaker’s take on New Hampshire comprehensive privacy bill’s impacts


Nuances highlight New Jersey’s comprehensive privacy bill


Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement


CPPA releases initial automated decision-making rules proposal


CPPA’s draft automated decision-making rules unpacked


What’s next for US state-level AI legislation


My Health, My Data, My Class Action Lawsuit — Mitigating Healthcare Privacy Risk


The year that was in state data privacy


California Legislature passes Delete Act regulating data brokers


US states leverage existing models of privacy legislation


California privacy agency lays out vision for cybersecurity regulation


Montana attorney general backs TikTok privacy concerns


Addressing the duty of care in state privacy laws


U.S. privacy legislation in 2023: Something old, something new?


Connecticut takes a first stab at regulating government use of AI


Illinois federal judge overturns $228M damages award in first BIPA case


Practical considerations for bias audits under NYC Local Law 144


Texas latest to add comprehensive state privacy law


The ranging impacts of Florida’s Digital Bill of Rights


Key steps for meeting US state PIA obligations


DeSantis signs Florida’s Digital Bill of Rights


The ranging impacts of Florida’s Digital Bill of Rights


Utah drafting statewide privacy plan for state agencies


Montana governor signs bill banning TikTok


State privacy dispatch: Why the floodgates opened


Indiana governor signs a comprehensive privacy act into law


Complying with Colorado’s data protection assessment requirements


Illinois BIPA cases up 65% following Supreme Court decision


The sweeping scope of Washington’s My Health, My Data Act


Washington’s My Health, My Data Act


The expanding privacy partnership in New York City


How should mobile apps prepare for California’s privacy scrutiny?


UK and California age-appropriate design rules — Similar principles, subtle differences


Montana, Tennessee comprehensive privacy bills clear legislatures


Montana passes first statewide TikTok ban


Washington state on track to pass broad-based health data privacy law


Indiana poised to add to US state privacy law patchwork


Arkansas passes children’s social media bill


Iowa becomes sixth US state to enact comprehensive consumer privacy legislation


The rise of US state-level BIPA: Illinois leads, others catching up


Filling the void? The 2023 state privacy laws and consumer health data


Colorado Privacy Act regulations finalized


California legislative wrap-up: CCPA amendments, children’s privacy and more


Iowa set to finalize sixth US comprehensive state privacy law


State privacy prospects bring new paradigm in 2023


State AGs and Privacy in 2023: What Your Business Needs to Know


State privacy dispatch: How the 2023 landscape is materializing


Takeaways from Ohio court ruling on ransomware and insurance exclusions


Privacy operations to update in the first half of 2023 for California, Colorado regulations


Several Illinois BIPA lawsuits filed at the end of 2022


All things ‘California Privacy Law’ with Lothar Determann


2023 brings US state privacy law preparedness into focus


Attorney general drops revised Colorado Privacy Act draft rules


New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation


The Growth of State Privacy Legislation


New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation


2023 US State Data Protection Laws – A Summary of Opt-Out Rights and Preference Signal Requirements


State Attorneys General on privacy, cybersecurity, enforcement and legislation


California Age-Appropriate Design Code final passage brings mixed reviews


State data privacy legislation: Takeaways from 2022 and what to expect in 2023


Michigan Attorney General Nessel on strengthening consumer protections, right to privacy


BakerHostetler – US Breach Notification Law Interactive Map


Utah Supreme Court rules victims should be able to defend privacy rights


US State Data Breach Notification Law Matrix


Nevada Privacy Law Compliance Guide


Minnesota passes student privacy bill


US state privacy laws: What you need to know


Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more


Exceptions in new US state privacy laws leave data without security coverage


Connecticut enacts comprehensive consumer data privacy law


Maine Privacy Law Guide


Colorado Privacy Act Compliance Guide


Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date


Virginia governor signs VCDPA amendment bills


Colorado attorney general details his CPA enforcement priorities at IAPP GPS22


Data Privacy Protection: A Colorado Perspective


Utah’s privacy officer wants to train, certify 50 privacy, security specialists


Utah becomes fourth US state to enact comprehensive consumer privacy legislation


Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches


A state legislator’s perspective on data privacy legislation


Colorado – Data Security Best Practices


Unpacking Washington state’s cluster of comprehensive privacy bills


State attorneys general sue Google with ‘dark patterns’ claims


Status of the California Privacy Protection Agency’s work


Iowa launches digital driver’s license pilot program


Colorado Privacy Act Compliance Guide


Maryland names first-ever privacy, data officers


Recap of Virginia Consumer Data Protection Work Group


Bloomberg Law – Biometric Data Privacy Laws


North Dakota hires chief data officer


BIPA Legislation Introduced in 2021


NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government


Boston City Council must approve all surveillance tech, new ordinance says


NASCIO – State Chief Information Officer Surveys


NASCIO Report: State CIO use of the Cloud


Illinois court addresses statutes of limitations for BIPA claims


Data Privacy Issues in West Virginia: An Overview


Illinois enacts Protecting Household Privacy Act


Google, New Mexico reach settlement over children’s privacy claims


California attorney general issues guidance on health privacy law obligations


Member Spotlight: A conversation with Domingo DeGrazia


Ohio Attorney General Yost on state, federal privacy law, FTC and more


Ohio Lt. Governor Jon Husted discusses the state’s privacy bill


Maryland adds government CDO, CPO roles


California attorney general offers CCPA enforcement update, launches reporting tool


Update by the California attorney general could be a game-changer


NYC biometric law enters into force


Colorado Privacy Act becomes law


NYC biometric law enters into force


Maine passes statewide facial recognition ban


Vaccination records raising privacy concerns in California


Maryland, Montana pass laws on DNA use for criminal investigations


Law regulates drone use by Minnesota law enforcement


Opt-in vs. opt-out approaches to personal information processing


State Data Breach Notification Chart


‘States are where the action is’ on privacy legislation


Attorney General Tong on enforcement priorities, legislative landscape in Connecticut


Illinois Senate passes strengthened privacy protections for assault victims


The Washington Privacy Act goes 0 for 3


Research shows ‘massive amount’ of vehicle surveillance in California


New York DFS announces $3M breach settlement


16 states join Alabama in disputing Census use of differential privacy


House fails to pass WPA, bill sponsor says it ‘remains alive’


Whittled Florida privacy bill moves forward


House Appropriations Committee passes amended WPA


Kansas Senate approves permanent COVID-19 contact-tracing rules


House committee advances WPA with limited private right of action


What the CPPA’s appointments say about enforcement priorities, strategy


NYPL’s privacy leader on safeguarding patron trust, transparency


California names appointees to new privacy enforcement agency


What Virginia’s Consumer Data Protection Act means for your privacy program


What Virginia’s Consumer Data Protection Act means for your privacy program


Analyzing Virginia’s new privacy law with Odia Kagan


Facebook’s $650M BIPA settlement ‘a make-or-break moment’


Analyzing Virginia’s new privacy law with Odia Kagan


Challenge accepted: Initial Virginia CDPA reactions, considerations


Challenge accepted: Initial Virginia CDPA reactions, considerations


Virginia passes the Consumer Data Protection Act


Virginia passes the Consumer Data Protection Act


A conversation with Tenn. Attorney General Herbert Slatery


Minneapolis bans police use of facial recognition


Proposed opt-in law voted down by North Dakota committee


Minneapolis police file geofence warrant to identify protestors


Facial recognition bills proposed in Maryland, Alabama


Personal transit data protected from warrantless searches under Mass. law


FPF analysis alleges Fla. Sheriff’s Office violates student privacy


Breach of voter registration system exposes 113K Alaskan voters’ data


What is the California Privacy Protection Agency?


A conversation with Nev. Attorney General Aaron Ford


House Republicans seek details on VA data breach


Vt. Legislature passes facial recognition ban


Utah Student Data Privacy Guidebook


Ill. Attorney General Kwame Raoul on changes to state’s data breach law


Privacy pros underwhelmed by Texas privacy council’s report


Gov. Newsom signs bill on Calif. SSN privacy


Colo. law enforcement accessed DMV’s facial recognition software


Calif. passes genetic privacy bill


Michigan airport to use ‘smart helmets’


CDT — Responsible Technology Training Series for Education Practitioners


Arizona MVD sells Social Security numbers to private investigators


Mass. attorney general stands up Data Privacy, Security Division


Maine privacy law takes force despite legal challenges


NY legislature approves ban of facial recognition in schools through 2022


Va. expands COVID-19 database


Man charged in Va. bank robbery challenges geofence warrant


NYC Council passes surveillance oversight bill


Judge approves $3.2M settlement in Ill. BIPA case


ND passes policy to protect student data privacy


Ariz. attorney general files lawsuit against Google over location tracking


IAPP PLS certification given specialty designation in Texas


NY’s SHIELD Act has taken effect — what does this mean for your business?


Ark., Okla. residents’ court, utility payment transactions exposed


Wash. facial-recognition bill signed into law


Ga. Department of Driver’s Services sharing data with ICE


Kentucky court rules police need warrant to ping cell phones


Data breach affects 654K Health Share of Oregon members


Md. Attorney General Brian Frosh talks future legislation


ND court suspends online document access following privacy concerns


Ga. Attorney General Chris Carr on breaches, federal law


Arizona court rules citizens have a right to online privacy from authorities without a warrant


Minnesota to recognize IAPP PLS certification


Nevada passes consumer opt-out bill


Vermont attorney general talks regulating data brokers, protecting consumers


Why are states making consumer data less secure?


Op-ed: Marketers should focus on state privacy laws over a federal rule


Changes on the horizon for North Carolina’s data breach notification law


US federal privacy preemption part 1: History of federal preemption of stricter state laws


Analysis: Ohio’s Data Protection Act


Wisconsin county suffers data breach affecting 258K citizens


Analysis: Vermont’s data broker regulation


Interview with Pennsylvania Attorney General Josh Shapiro


Missouri Senate passes bill to outlaw nonconsensual pornography


Massachusetts Senate passes data breach protection bill


Indiana attorney general talks black market, breaches and priorities


A Q&A with Kansas Attorney General Derek Schmidt


Delaware’s amended data breach notification law adds strict requirements