US State Privacy Topic Page
Here, you can find the IAPP’s collection of coverage, analysis and resources related to state privacy in the United States. The IAPP Resource Center also includes US Federal Privacy and CCPA and CPRA topic pages.
Here, you can find the IAPP’s collection of coverage, analysis and resources related to state privacy in the United States. The IAPP Resource Center also includes US Federal Privacy and CCPA and CPRA topic pages.
US State Privacy Legislation Tracker
This resource contains a table and map tracking US state privacy laws, and is regularly updated to reflect new state privacy legislation.
Read More
US State AI Governance Legislation Tracker
This tool tracks US state cross-sectoral laws with direct application to the use of AI systems in the private sector.
Read More
Private Rights of Action in US Privacy Legislation
This article examines privacy rights of action in US state and federal privacy legislation, including enforcement provisions contained in the revised discussion draft of the APRA.
Read More
This report analyzes similarities and differences between enacted U.S. comprehensive state privacy laws.
California Privacy and AI Legislation Tracker
This tracker highlights any California data law with potential privacy or AI governance implications across sectors.
Read More
California Rulemaking Process Overview
This chart provides a roadmap for the California rulemaking process as the CPPA continues to promulgate regulations delegated to it by California legislators and voters.
Read More
United States Privacy Digest newsletter
Be in-the-know on US privacy news by subscribing to the US Privacy Digest newsletter.
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
How Texas strives to be US state privacy enforcement leader
Rhode Island’s comprehensive privacy bill raises patchwork misalignment concerns
The Vermont veto is a step backward for privacy
What does the Colorado AI Act mean for AI governance and policymaking?
US state AI governance bills: Reflecting on the 2024 cycle with a new resource
Unpacking the shift toward substantive data minimization rules in proposed legislation
PRA highlights novelties in Vermont’s comprehensive privacy bill
Enacted Federal Statutes with PRA
Colorado awaits fate of AI regulation bill
Major trends in US cybersecurity law and policy
Key Dates from US Comprehensive State Privacy Laws
Assessing ‘necessity’ under state health privacy laws
Framework debate shows as Kentucky nears comprehensive privacy law
Private-sector AI bill clears Utah Legislature
A look at proposed US state private sector AI legislation
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Adverse event reporting and preparing for the next wave of privacy litigation
EPIC finds oversized tech influence on state privacy laws
Connecticut attorney general publishes report on Data Privacy Act
State lawmaker’s take on New Hampshire comprehensive privacy bill’s impacts
Nuances highlight New Jersey’s comprehensive privacy bill
Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement
CPPA releases initial automated decision-making rules proposal
CPPA’s draft automated decision-making rules unpacked
What’s next for US state-level AI legislation
My Health, My Data, My Class Action Lawsuit — Mitigating Healthcare Privacy Risk
The year that was in state data privacy
California Legislature passes Delete Act regulating data brokers
US states leverage existing models of privacy legislation
California privacy agency lays out vision for cybersecurity regulation
Montana attorney general backs TikTok privacy concerns
Addressing the duty of care in state privacy laws
U.S. privacy legislation in 2023: Something old, something new?
Connecticut takes a first stab at regulating government use of AI
Illinois federal judge overturns $228M damages award in first BIPA case
Practical considerations for bias audits under NYC Local Law 144
Texas latest to add comprehensive state privacy law
The ranging impacts of Florida’s Digital Bill of Rights
Key steps for meeting US state PIA obligations
DeSantis signs Florida’s Digital Bill of Rights
The ranging impacts of Florida’s Digital Bill of Rights
Utah drafting statewide privacy plan for state agencies
Montana governor signs bill banning TikTok
State privacy dispatch: Why the floodgates opened
Indiana governor signs a comprehensive privacy act into law
Complying with Colorado’s data protection assessment requirements
Illinois BIPA cases up 65% following Supreme Court decision
The sweeping scope of Washington’s My Health, My Data Act
Washington’s My Health, My Data Act
The expanding privacy partnership in New York City
How should mobile apps prepare for California’s privacy scrutiny?
UK and California age-appropriate design rules — Similar principles, subtle differences
Montana, Tennessee comprehensive privacy bills clear legislatures
Montana passes first statewide TikTok ban
Washington state on track to pass broad-based health data privacy law
Indiana poised to add to US state privacy law patchwork
Arkansas passes children’s social media bill
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
The rise of US state-level BIPA: Illinois leads, others catching up
Filling the void? The 2023 state privacy laws and consumer health data
Colorado Privacy Act regulations finalized
California legislative wrap-up: CCPA amendments, children’s privacy and more
Iowa set to finalize sixth US comprehensive state privacy law
State privacy prospects bring new paradigm in 2023
State AGs and Privacy in 2023: What Your Business Needs to Know
State privacy dispatch: How the 2023 landscape is materializing
Takeaways from Ohio court ruling on ransomware and insurance exclusions
Privacy operations to update in the first half of 2023 for California, Colorado regulations
Several Illinois BIPA lawsuits filed at the end of 2022
All things ‘California Privacy Law’ with Lothar Determann
2023 brings US state privacy law preparedness into focus
Attorney general drops revised Colorado Privacy Act draft rules
The Growth of State Privacy Legislation
2023 US State Data Protection Laws – A Summary of Opt-Out Rights and Preference Signal Requirements
State Attorneys General on privacy, cybersecurity, enforcement and legislation
California Age-Appropriate Design Code final passage brings mixed reviews
State data privacy legislation: Takeaways from 2022 and what to expect in 2023
Michigan Attorney General Nessel on strengthening consumer protections, right to privacy
BakerHostetler – US Breach Notification Law Interactive Map
Utah Supreme Court rules victims should be able to defend privacy rights
US State Data Breach Notification Law Matrix
Nevada Privacy Law Compliance Guide
Minnesota passes student privacy bill
US state privacy laws: What you need to know
Indiana Attorney General Rokita on federal, Indiana privacy regulations, cybersecurity and more
Exceptions in new US state privacy laws leave data without security coverage
Connecticut enacts comprehensive consumer data privacy law
Colorado Privacy Act Compliance Guide
Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
Virginia governor signs VCDPA amendment bills
Colorado attorney general details his CPA enforcement priorities at IAPP GPS22
Data Privacy Protection: A Colorado Perspective
Utah’s privacy officer wants to train, certify 50 privacy, security specialists
Utah becomes fourth US state to enact comprehensive consumer privacy legislation
A state legislator’s perspective on data privacy legislation
Colorado – Data Security Best Practices
Unpacking Washington state’s cluster of comprehensive privacy bills
State attorneys general sue Google with ‘dark patterns’ claims
Status of the California Privacy Protection Agency’s work
Iowa launches digital driver’s license pilot program
Colorado Privacy Act Compliance Guide
Maryland names first-ever privacy, data officers
Recap of Virginia Consumer Data Protection Work Group
Bloomberg Law – Biometric Data Privacy Laws
North Dakota hires chief data officer
BIPA Legislation Introduced in 2021
NASCIO — AI Meets the Moment: How a Pandemic Shaped AI Adoption in State Government
Boston City Council must approve all surveillance tech, new ordinance says
NASCIO – State Chief Information Officer Surveys
NASCIO Report: State CIO use of the Cloud
Illinois court addresses statutes of limitations for BIPA claims
Data Privacy Issues in West Virginia: An Overview
Illinois enacts Protecting Household Privacy Act
Google, New Mexico reach settlement over children’s privacy claims
California attorney general issues guidance on health privacy law obligations
Member Spotlight: A conversation with Domingo DeGrazia
Ohio Attorney General Yost on state, federal privacy law, FTC and more
Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
Maryland adds government CDO, CPO roles
California attorney general offers CCPA enforcement update, launches reporting tool
Update by the California attorney general could be a game-changer
NYC biometric law enters into force
Colorado Privacy Act becomes law
NYC biometric law enters into force
Maine passes statewide facial recognition ban
Vaccination records raising privacy concerns in California
Maryland, Montana pass laws on DNA use for criminal investigations
Law regulates drone use by Minnesota law enforcement
Opt-in vs. opt-out approaches to personal information processing
State Data Breach Notification Chart
‘States are where the action is’ on privacy legislation
Attorney General Tong on enforcement priorities, legislative landscape in Connecticut
Illinois Senate passes strengthened privacy protections for assault victims
The Washington Privacy Act goes 0 for 3
Research shows ‘massive amount’ of vehicle surveillance in California
New York DFS announces $3M breach settlement
16 states join Alabama in disputing Census use of differential privacy
House fails to pass WPA, bill sponsor says it ‘remains alive’
Whittled Florida privacy bill moves forward
House Appropriations Committee passes amended WPA
Kansas Senate approves permanent COVID-19 contact-tracing rules
House committee advances WPA with limited private right of action
What the CPPA’s appointments say about enforcement priorities, strategy
NYPL’s privacy leader on safeguarding patron trust, transparency
California names appointees to new privacy enforcement agency
What Virginia’s Consumer Data Protection Act means for your privacy program
What Virginia’s Consumer Data Protection Act means for your privacy program
Analyzing Virginia’s new privacy law with Odia Kagan
Facebook’s $650M BIPA settlement ‘a make-or-break moment’
Analyzing Virginia’s new privacy law with Odia Kagan
Challenge accepted: Initial Virginia CDPA reactions, considerations
Challenge accepted: Initial Virginia CDPA reactions, considerations
Virginia passes the Consumer Data Protection Act
Virginia passes the Consumer Data Protection Act
A conversation with Tenn. Attorney General Herbert Slatery
Minneapolis bans police use of facial recognition
Proposed opt-in law voted down by North Dakota committee
Minneapolis police file geofence warrant to identify protestors
Facial recognition bills proposed in Maryland, Alabama
Personal transit data protected from warrantless searches under Mass. law
FPF analysis alleges Fla. Sheriff’s Office violates student privacy
Breach of voter registration system exposes 113K Alaskan voters’ data
What is the California Privacy Protection Agency?
A conversation with Nev. Attorney General Aaron Ford
House Republicans seek details on VA data breach
Vt. Legislature passes facial recognition ban
Utah Student Data Privacy Guidebook
Ill. Attorney General Kwame Raoul on changes to state’s data breach law
Privacy pros underwhelmed by Texas privacy council’s report
Gov. Newsom signs bill on Calif. SSN privacy
Colo. law enforcement accessed DMV’s facial recognition software
Calif. passes genetic privacy bill
Michigan airport to use ‘smart helmets’
CDT — Responsible Technology Training Series for Education Practitioners
Arizona MVD sells Social Security numbers to private investigators
Mass. attorney general stands up Data Privacy, Security Division
Maine privacy law takes force despite legal challenges
NY legislature approves ban of facial recognition in schools through 2022
Man charged in Va. bank robbery challenges geofence warrant
NYC Council passes surveillance oversight bill
Judge approves $3.2M settlement in Ill. BIPA case
ND passes policy to protect student data privacy
Ariz. attorney general files lawsuit against Google over location tracking
IAPP PLS certification given specialty designation in Texas
NY’s SHIELD Act has taken effect — what does this mean for your business?
Ark., Okla. residents’ court, utility payment transactions exposed
Wash. facial-recognition bill signed into law
Ga. Department of Driver’s Services sharing data with ICE
Kentucky court rules police need warrant to ping cell phones
Data breach affects 654K Health Share of Oregon members
Md. Attorney General Brian Frosh talks future legislation
ND court suspends online document access following privacy concerns
Ga. Attorney General Chris Carr on breaches, federal law
Arizona court rules citizens have a right to online privacy from authorities without a warrant
Minnesota to recognize IAPP PLS certification
Nevada passes consumer opt-out bill
Vermont attorney general talks regulating data brokers, protecting consumers
Why are states making consumer data less secure?
Op-ed: Marketers should focus on state privacy laws over a federal rule
Changes on the horizon for North Carolina’s data breach notification law
US federal privacy preemption part 1: History of federal preemption of stricter state laws
Analysis: Ohio’s Data Protection Act
Wisconsin county suffers data breach affecting 258K citizens
Analysis: Vermont’s data broker regulation
Interview with Pennsylvania Attorney General Josh Shapiro
Missouri Senate passes bill to outlaw nonconsensual pornography
Massachusetts Senate passes data breach protection bill
Indiana attorney general talks black market, breaches and priorities
A Q&A with Kansas Attorney General Derek Schmidt
Delaware’s amended data breach notification law adds strict requirements