US State Privacy Legislation Tracker

US State Privacy Laws Tracker

*scroll horizontally to view more cells

State Introduced Signed Bill & Link Name Effective Date
California CCPA/California Privacy Rights Act California Consumer Privacy Act and California Privacy Rights Act January 1, 2020, and January 1, 2023
Colorado SB 190 Colorado Privacy Act July 1, 2023
Connecticut SB 6 Connecticut Data Privacy Act July 1, 2023
Delaware HB 154 Delaware Personal Data Privacy Act January 1, 2025
Indiana SB 5 Indiana Consumer Data Protection Act January 1, 2026
Iowa SF 262 Iowa Consumer Data Protection Act January 1, 2025
Kentucky HB 15 Kentucky Consumer Data Protection Act January 1, 2026
Montana SB 384 Montana Consumer Data Privacy Act October 1, 2024
New Hampshire SB 255 January 1, 2025
New Jersey SB 332 New Jersey Data Privacy Act January 15, 2025
Oregon SB 619 Oregon Consumer Privacy Act July 1, 2024
Tennessee HB 1181 Tennessee Information Protection Act July 1, 2025
Texas HB 4 Texas Data Privacy and Security Act July 1, 2024
Utah SB 227 Utah Consumer Privacy Act December 31, 2023
Virginia SB 1392 Virginia Consumer Data Protection Act January 1, 2023
Georgia SB 473 Georgia Consumer Privacy Protection Act
Hawaii SB 3018 Consumer Data Protection Act
Illinois SB 3517 / HB 5581 Privacy Rights Act / Illinois Privacy Rights Act
Louisiana SB 199 Louisiana Consumer Privacy Act
Maine LD 1973 / LD 1977 Maine Consumer Privacy Act / Data Privacy and Protection Act
Maryland HB 567 / SB 541 Maryland Online Data Privacy Act
Massachusetts H 83 / S 25 / H 60 / S 227 / HD 3245 Massachusetts Data Privacy Protection Act, Massachusetts Information Privacy and Security Act, Internet Bill of Rights
Michigan SB 659 Michigan Personal Data Privacy Act
Minnesota HB 2309 / SB 2915 / HB 1367 / SB 950 / HF 1892 Minnesota Consumer Data Privacy Act
Missouri SB 731 / SB 1501
Nebraska LB 1294 Nebraska Data Privacy Act
New York A 6319 / SB 3162 / A 4374 / A 3593 / A 3308 / SB 2277 / SB 365 / A 2587 / S 5555 New York Privacy Act, New York Data Protection Act, It’s Your Data Act, Digital Fairness Act, American Data Privacy and Protection Act
North Carolina SB 525 North Carolina Consumer Privacy Act
Ohio HB 345 Ohio Personal Privacy Act
Pennsylvania HB 1947 / HB 1201 Pennsylvania Consumer Data Protection Act
Rhode Island H 7787 / S 2500 Rhode Island Data Transparency and Privacy Protection Act
Vermont S 269 / H 121 Vermont Data Privacy Act
Wisconsin AB 466 / SB 642

Frequently Asked Questions

Individual states in the U.S. have their own privacy laws to address their residents’ specific privacy and data protection needs and concerns. With the absence of a comprehensive federal privacy law, states have taken it upon themselves to protect their citizens’ privacy rights, regulate data handling practices, and set standards for businesses operating within their jurisdiction. These laws help ensure that companies are transparent about their data practices and allow consumers to control how their personal information is used.

The United States currently does not have a comprehensive national data privacy law similar to the EU’s General Data Protection Regulation (GDPR). Instead, the U.S. has a sectoral approach with different rules applying to specific sectors or types of data, such as the Health Insurance Portability and Accountability Act (HIPAA) for health information and the Gramm-Leach-Bliley Act (GLBA) for financial information. In the absence of a national data privacy law, individual states, including California, Texas, Colorado, Florida, and several others, are passing their own data privacy laws to protect their citizens’ privacy.

While compliance specifics vary from state to state and law to law, generally any business that collects, stores, processes, or shares a citizen’s personal information may be required to comply with that state’s privacy laws, even if the business is incorporated elsewhere. In some states, some rules may only apply to larger firms or those dealing with a specific volume of data or several consumers.

The rights provided to citizens can vary significantly by state and law. Some common rights include the right to know what personal information a business collects about them, the right to request deletion of their data, the right to opt out of the sale of their personal information, and the right to non-discrimination for exercising their privacy rights. The specifics depend on the relevant state law.

The California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) both aim to protect personal data, but they differ in various ways:

    • Scope: The CCPA applies to businesses operating in California and collecting personal information of California residents, while the GDPR applies to all organizations working within the EU, or dealing with data of EU citizens, irrespective of their country location.
    • Rights: Both give individuals the right to access and delete their data, but the GDPR also includes rights like rectification (correcting inaccurate data) and objection (objecting to processing personal data), which the CCPA does not explicitly provide.
    • Enforcement: The GDPR has more vigorous enforcement and steeper penalties, with maximum fines of up to €20 million or 4% of annual global turnover, whichever is higher. CCPA’s penalties can reach up to $7,500 per intentional violation.
    • Consent: The GDPR requires citizens’ explicit and informed consent before collecting personal data, while the CCPA does not require upfront approval but does provide citizens the right to opt out of data sales, preventing organizations from selling a citizen’s personal data.


Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.


Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Get A Demo