top of page

A Comprehensive Overview of U.S. State Data Privacy Laws

The nationwide adoption of state data privacy laws, also known as state data privacy acts, is poised to reshape the data reporting landscape for countless employers and businesses. 

Currently, 14 states have signed comprehensive state data privacy laws, including California, Colorado, Connecticut, Utah, Virginia, Delaware, Florida, Indiana, Iowa, Montana, New Jersey, Oregon, Tennessee, and Texas.

These legislative measures aim to establish robust legal frameworks for data protection in the absence of a federal mandate on data privacy.

The growing digitization of our world, characterized by personal mobile devices, social media platforms, and heightened online interaction for information dissemination and photo sharing, has led to legislative measures increasingly focused on safeguarding individual privacy.

Protection for the Consumer

State data privacy laws are regulations established at the state level to oversee the collection, utilization, storage, and dissemination of personal information by individuals, businesses, and other entities within the jurisdiction of a specific state. These laws aim primarily to safeguard consumers, whose personal data is collected by businesses and other organizations.

As laws become more stringent in protecting individuals and restricting access to personal information sharing, employers may encounter challenges in collecting employee information and keeping pace with the dynamic digital landscape and the accompanying legal amendments. 

Effects on Businesses

The California Consumer Privacy Act (CCPA) was initially enacted in 2018, sparking a broader dialogue in the United States regarding federal and state data privacy legislation. With this conversation gaining momentum, business owners are beginning to contemplate the potential impact of these new regulations on their operations and strategize ways to ensure compliance.

Small and medium-sized businesses could face significant challenges from these data privacy laws, primarily due to the financial burden of compliance and the infrastructure necessary for implementation. Moreover, they may experience more profound impacts compared to large businesses, as they often lack the resources and capacity to manage compliance tasks effectively and stay abreast of the constantly evolving data law requirements.

Challenges may also emerge for businesses operating across multiple states, as they must navigate a complex web of similar yet distinct state data privacy laws. This array of regulations could pose compliance difficulties and increase the administrative burden for businesses striving to adhere to varying legal requirements across different jurisdictions.

If you have specific questions about staying compliant with legal mandates or understanding how data privacy laws might affect your business, it's advisable to reach out to your Client Service Representative at Cornerstone PEO. They should be able to provide you with the necessary information and support tailored to your specific situation. They can advise on compliance measures, potential impacts on your business operations, and any necessary adjustments to ensure adherence to relevant regulations.

Below are the currently enacted state data privacy laws, as well as the signed data privacy laws set to go into effect from now until 2026. For more details on these laws, please continue reading below. Additionally, for a comprehensive infographic featuring all state data privacy acts, please scroll to the bottom of this page for a link.

Current Enacted State Date Privacy Laws

The current enacted state data privacy acts are in effect in California, Colorado, Connecticut, Utah, and Virginia. Below, we provide an overview of these enacted laws by state and include direct links to the respective state government websites for easy reference and clarity.

*These state data privacy acts may change based on the digitization of our world and the increased access to personal and professional information. It is always recommended by Cornerstone PEO to check your local, state, and federal legal requirements and compliance regulations.


California Consumer Privacy Act of 2018 (CCPA)

California Privacy Rights Act of 2020 (CPRA)


Colorado Privacy Act (CPA)


Act Concerning Personal Data Privacy and Online Monitoring (CTDPA)


Utah Consumer Privacy Act (UCPA)


Consumer Data Protection Act (CDPA)

Signed State Date Privacy Laws

Below, we provide an overview of the laws and distinctions within each of these states where data privacy legislation is currently in progress but has not yet been enacted. All of these State Data Privacy Acts have been signed, and their respective start dates and state government websites or direct PDFs are also included for reference.


Delaware Personal Data Privacy Act (DPDPA)

Effective January 1, 2025


Florida Digital Bill of Rights (FDBR)

Effective July 1, 2024


Indiana Consumer Data Protection Act (INCDPA)

Effective January 1, 2026


Iowa Consumer Data Protection Act (ICDPA)

Effective January 1, 2025


Montana Consumer Data Privacy Act (MCDPA)

Effective October 1, 2024

New Jersey

The New Jersey Data Protection Act (NJDPA)

Effective January 15, 2025


Oregon Consumer Privacy Act (OCPA)

Effective July 1, 2024


Tennessee Information Protection Act (TIPA)

Effective July 1, 2025


Texas Data Privacy and Security Act (TDPSA)

Effective July 1, 2024

Here is a link to a comprehensive infographic featuring all state data privacy acts for your convenience.

US State Data Privacy Acts
Download PDF • 437KB


bottom of page