US State Privacy

While the wait is on for a federal privacy law, many states have taken matters into their own hands and are in the process of or have already passed state data protection laws. The IAPP has been keeping track of individual state privacy legislation, and we regularly update this topic page with our collection of news and resources.

The IAPP Resource Center also includes a “US Federal Privacy” topic page.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NE, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

Featured Resources Latest News and Resources Resources by State

Featured Resources

US State Privacy Legislation Tracker

This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More

CCPA and CPRA
Topic Page

This topic page contains resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Read More

State privacy laws: What you need to know

In this LinkedIn Live event, IAPP Chief Knowledge Officer Caitlin Fennessy, CIPP/US, discusses state privacy with IAPP Westin Fellow Taylor Kay Lively, CIPP/US, and IAPP Staff Writer Joe Duball.
Read More

Latest News and Resources

Connecticut enacts comprehensive consumer data privacy law

On May 10, 2022, Connecticut became the fifth U.S. state with comprehensive consumer privacy legislation after Gov. Ned Lamont, D-Conn., signed Senate Bill 6, An Act Concerning Personal Data Privacy and Online Monitoring, into law. Most provisions of the law will go into effect alongside the Colorado Privacy Act July 1, 2023, giving organizations just under 14 months to come into compliance. The law includes many of the same rights, obligations and exceptions as the consumer privacy laws alread... Read More

Save This

Exceptions in new US state privacy laws leave data without security coverage

In Connecticut and Virginia, the new consumer privacy laws that comprehensively adopt the fair information practice principles, including data security, have left large swaths of data exempt from any cybersecurity requirements. States using the same consumer privacy template as Connecticut and Virginia should consider the exceptions language very carefully lest, while advancing consumer rights, they actually fall behind other states in protecting cybersecurity. Section 6(3) of the Connecticut l... Read More

Save This

Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more

Indiana has established itself as a state at the forefront of addressing complex data privacy and cybersecurity issues. That is in no small part due to the active engagement of the state’s attorneys general. As part of this interview series, we previously spoke with Indiana attorneys general Greg Zoeller (2009-2017) and Curtis Hill (2017-2021) during their terms in office about a variety of issues, including addressing robocalls, keeping sensitive health information off the digital black market ... Read More

Save This

Web Conference: Building Your US Privacy Program: Six Steps to US Privacy Compliance

Original broadcast date: 5 April 2022 In this web conference, panelists discuss US Privacy laws and take a deep dive into what workflows privacy teams should be engaging in to support a broader US Privacy initiative, boost consumer and employee trust, and how to effectively govern data within business systems. Read More

Save This

Utah becomes fourth US state to enact comprehensive consumer privacy legislation

On March 24, Gov. Spencer Cox, R-Utah, signed the Utah Consumer Privacy Act into law, making Utah the fourth state to enact comprehensive consumer privacy legislation. The law goes into effect Dec. 31, 2023. The UCPA is both similar to and different from the consumer privacy laws of California, Virginia and Colorado. Namely, it draws heavily from the Virginia Consumer Data Protection Act and several of its VCDPA-like components are also contained in the Colorado Privacy Act. At first glance, ... Read More

Save This

	US State Data Breach Notification Law Matrix (Mintz)
	Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date (IAPP, April 2022)
	Iowa Attorney General Miller on advocating for consumer rights, policing algorithms and offering support during breaches (IAPP, March 2022)
	A state legislator’s perspective on data privacy legislation (IAPP, March 2022)
	Web Conference: Leverage Your Compliance Efforts: Preparing for Upcoming State Privacy Laws (IAPP, March 2022)
	Florida privacy bill maintains PRA ahead of House floor vote (IAPP, February 2022)
	Unpacking Washington state’s cluster of comprehensive privacy bills (IAPP, January 2022)
	ITIF Report — The Cost of a Patchwork of State Privacy Laws (ITIF, January 2022)
	State attorneys general sue Google with ‘dark patterns’ claims (IAPP, January 2022)
	Status of the California Privacy Protection Agency’s work (IAPP, December 2021)
	NCSL – US State Statutory and Legislative Charts (NCSL, December 2021)
	The Growth of State Privacy Legislation (IAPP, November 2021)
	Bloomberg Law – Biometric Data Privacy Laws (Bloomberg, November 2021)
	Colorado Privacy Act Compliance Guide (Termageddon , November 2021)
	BIPA Legislation Introduced in 2021 (IAPP, October 2021)
	NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government (NASCIO, October 2021)
	NASCIO – State Chief Information Officer Surveys (NASCIO, October 2021)
	NASCIO Report: State CIO use of the Cloud (NASCIO, October 2021)
	NASCIO Report: Why State CIOs are turning to low-code and no-code software development (NASCIO, September 2021)
	Key Dates from US Comprehensive State Privacy Laws (IAPP, September 2021)
	Privacy patchwork: Looking back at the 2021 legislative session (IAPP, September 2021)
	State reps. drop 2022 Oklahoma privacy bill; California genetic privacy bill passes (IAPP, September 2021)
	Skepticism clouds ULC’s pitch for uniform US state privacy legislation (IAPP, August 2021)
	Ohio Attorney General Yost on state, federal privacy law, FTC and more (IAPP, August 2021)
	Ohio Lt. Governor Jon Husted discusses the state’s privacy bill (IAPP, August 2021)
	California attorney general offers CCPA enforcement update, launches reporting tool (IAPP, July 2021)
	Comparison of Comprehensive Data Privacy Laws in Virginia, California and Colorado (IAPP, July 2021)
	NYC biometric law enters into force (IAPP, July 2021)
	Maine passes statewide facial recognition ban (IAPP, July 2021)
	Opt-in vs. opt-out approaches to personal information processing (IAPP, May 2021)
	State Data Breach Notification Chart (IAPP, May 2021)
	Op-ed: A privacy advocate’s take on 2021 state law efforts (IAPP, July 2021)
	Florida Legislature’s privacy law efforts fall short (IAPP, May 2021)
	‘States are where the action is’ on privacy legislation (IAPP, May 2021)
	Morrison Foerster Privacy Library (Morrison Foerster)
	Web Conference: Adapting GDPR/CCPA Data Rights Processes for CPRA, CDPA, ABCD, WXYZ and Beyond (IAPP, April 2021)
	Keynote: ‘State of the States: A Look at 2021 U.S. State Privacy Legislation’ (IAPP, April 2021)
	Attorney General Tong on enforcement priorities, legislative landscape in Connecticut (IAPP, April 2021)
	The Washington Privacy Act goes 0 for 3 (IAPP, April 2021)
	Web Conference: Building a Compliance Program for a Patchwork of State Privacy Laws (IAPP, April 2021)
	A closer look at tech’s state privacy law lobbying efforts (IAPP, April 2021)
	House fails to pass WPA, bill sponsor says it ‘remains alive’ (IAPP, April 2021)
	Whittled Florida privacy bill moves forward (IAPP, April 2021)
	House Appropriations Committee passes amended WPA (IAPP, April 2021)
	House committee advances WPA with limited private right of action (IAPP, March 2021)
	Opt in or opt out? State privacy bills introduced in 2021 (IAPP, March 2021)
	What Virginia’s Consumer Data Protection Act means for your privacy program (IAPP, March 2021)
	Analyzing Virginia’s new privacy law with Odia Kagan (IAPP, March 2021)
	Facebook’s $650M BIPA settlement ‘a make-or-break moment’ (IAPP, March 2021)
	Challenge accepted: Initial Virginia CDPA reactions, considerations (IAPP, March 2021)
	Virginia passes the Consumer Data Protection Act (IAPP, March 2021)
	Consumer Reports: Model State Privacy Act (Consumer Reports, February 2021)
	A conversation with Tenn. Attorney General Herbert Slatery (IAPP, February 2021)
	What’s ahead for US state privacy legislation in 2021? A conversation with David Stauss (IAPP, January 2021)
	Is 2021 the year for the Washington Privacy Act? (IAPP, January 2021)
	2020 Deloitte-NASCIO Cybersecurity Study – States at Risk: The Cybersecurity Imperative in Uncertain Times (Deloitte, NASCIO, October 2020)
	What Do Emerging State Privacy Laws Really Mean for B2B Companies? (Baker McKenzie, March 2020)
	Web Conference: Privacy Regulation Update: New and Evolving State and Federal Laws (IAPP, March 2020)
	Why are states making consumer data less secure? (IAPP, April 2019)
	Op-ed: Marketers should focus on state privacy laws over a federal rule (IAPP, March 2019)
	US federal privacy preemption part 1: History of federal preemption of stricter state laws (IAPP, January 2019)

View More Resources

Resources by State

Here you can find privacy news and resources sorted by state. To track the status of privacy legislation by state, view the IAPP’s “US State Privacy Legislation Tracker,” which helps aid our users’ efforts to stay abreast of the changing state-privacy landscape.

Click below to navigate the latest privacy resources and news by state.

AK, AL, AR, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MS, MT, NC, ND, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, VT, WA, WI, WV, WY

News and Resources

16 states join Alabama in disputing Census use of differential privacy
(April 2021)
Facial recognition bills proposed in Maryland, Alabama
(February 2021)
Alabama’s Crimson Tide loyalty app raises privacy concerns
(September 2019)
Alabama approves PLS certification
(December 2018)
Alabama opens cybersecurity operations center
(October 2018)

News and Resources

Breach of voter registration system exposes 113K Alaskan voters’ data
(December 2020)
Computer monitoring raises privacy concerns in Alaskan school
(October 2019)

News and Resources

Member Spotlight: A conversation with Domingo DeGrazia
(August 2021)
Arizona MVD sells Social Security numbers to private investigators
(August 2020)
Ariz. attorney general files lawsuit against Google over location tracking
(May 2020)
Arizona court rules citizens have a right to online privacy from authorities without a warrant
(July 2019)
Arizona attorney general to investigate Google’s location-tracking practices
(September 2018)

Arizona passes data breach law
(June 2018)
Arizona Attorney General Mark Brnovich on federal breach laws, state pre-emption, and class actions
(April 2018)

View More Resources

News and Resources

Ark., Okla. residents’ court, utility payment transactions exposed
(April 2020)
Arkansas hires first CPO
(June 2018)

Passed Laws

California Consumer Privacy Act of 2018
• Click to view on CA Legislative website

California Privacy Rights Act (Enters into force January 2023.)
• View Ballot Initiative (PDF)

CCPA and CPRA Topic Page

This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources covering the California Consumer Privacy Act and California Privacy Rights Act.
Click to View

News and Resources

The news and resources below are relevant to privacy in California outside of the CCPA and CPRA.