top of page

A Comprehensive Overview of U.S. State Data Privacy Laws

Updated: Aug 28



The nationwide adoption of state data privacy laws, also known as state data privacy acts, is poised to reshape the data reporting landscape for countless employers and businesses. 



Currently, 15 states have signed comprehensive state data privacy laws, including California, Colorado, Connecticut, Utah, Virginia, Delaware, Florida, Indiana, Iowa, Minnesota, Montana, New Jersey, Oregon, Tennessee, and Texas.



These legislative measures aim to establish robust legal frameworks for data protection in the absence of a federal mandate on data privacy.



The growing digitization of our world, characterized by personal mobile devices, social media platforms, and heightened online interaction for information dissemination and photo sharing, has led to legislative measures increasingly focused on safeguarding individual privacy.



Protection for the Consumer


State data privacy laws are regulations established at the state level to oversee the collection, utilization, storage, and dissemination of personal information by individuals, businesses, and other entities within the jurisdiction of a specific state. These laws aim primarily to safeguard consumers, whose personal data is collected by businesses and other organizations.


As laws become more stringent in protecting individuals and restricting access to personal information sharing, employers may encounter challenges in collecting employee information and keeping pace with the dynamic digital landscape and the accompanying legal amendments. 


Effects on Businesses


The California Consumer Privacy Act (CCPA) was initially enacted in 2018, sparking a broader dialogue in the United States regarding federal and state data privacy legislation. With this conversation gaining momentum, business owners are beginning to contemplate the potential impact of these new regulations on their operations and strategize ways to ensure compliance.


Small and medium-sized businesses could face significant challenges from these data privacy laws, primarily due to the financial burden of compliance and the infrastructure necessary for implementation. Moreover, they may experience more profound impacts compared to large businesses, as they often lack the resources and capacity to manage compliance tasks effectively and stay abreast of the constantly evolving data law requirements.


Challenges may also emerge for businesses operating across multiple states, as they must navigate a complex web of similar yet distinct state data privacy laws. This array of regulations could pose compliance difficulties and increase the administrative burden for businesses striving to adhere to varying legal requirements across different jurisdictions.


If you have specific questions about staying compliant with legal mandates or understanding how data privacy laws might affect your business, it's advisable to reach out to your Client Service Representative at Cornerstone PEO. They should be able to provide you with the necessary information and support tailored to your specific situation. They can advise on compliance measures, potential impacts on your business operations, and any necessary adjustments to ensure adherence to relevant regulations.


Below are the currently enacted state data privacy laws, as well as the signed data privacy laws set to go into effect from now until 2026. For more details on these laws, please continue reading below. Additionally, for a comprehensive infographic featuring all state data privacy acts, please scroll to the bottom of this page for a link.


Current Enacted State Date Privacy Laws


The current enacted state data privacy acts are in effect in California, Colorado, Connecticut, Florida, Oregon, Texas, Utah, and Virginia. Below, we provide an overview of these enacted laws by state and include direct links to the respective state government websites for easy reference and clarity.


*These state data privacy acts may change based on the digitization of our world and the increased access to personal and professional information. It is always recommended by Cornerstone PEO to check your local, state, and federal legal requirements and compliance regulations.


California

California Consumer Privacy Act of 2018 (CCPA)

California Privacy Rights Act of 2020 (CPRA)


Colorado

Colorado Privacy Act (CPA)

Biometric Data Amendments Passed June 3, 2024.

Amendments go into effect July 1, 2025.


Connecticut

Act Concerning Personal Data Privacy and Online Monitoring (CTDPA)


Florida

Florida Digital Bill of Rights (FDBR)


Oregon

Oregon Consumer Privacy Act (OCPA)


Texas

Texas Data Privacy and Security Act (TDPSA)


Utah

Utah Consumer Privacy Act (UCPA)


Virginia

Consumer Data Protection Act (CDPA)

Signed State Date Privacy Laws


Below, we provide an overview of the laws and distinctions within each of these states where data privacy legislation is currently in progress but has not yet been enacted. All of these State Data Privacy Acts have been signed, and their respective start dates and state government websites or direct PDFs are also included for reference.


Delaware

Delaware Personal Data Privacy Act (DPDPA)

Effective January 1, 2025


Indiana

Indiana Consumer Data Protection Act (INCDPA)

Effective January 1, 2026


Iowa

Iowa Consumer Data Protection Act (ICDPA)

Effective January 1, 2025


Minnesota

Minnesota Consumer Data Privacy Act (MCDPA)

Effective July 31, 2025

 

Montana

Montana Consumer Data Privacy Act (MCDPA)

Effective October 1, 2024

New Jersey

The New Jersey Data Protection Act (NJDPA)

Effective January 15, 2025


Tennessee

Tennessee Information Protection Act (TIPA)

Effective July 1, 2025



Here is a link to a comprehensive infographic featuring all state data privacy acts for your convenience.




Comments


bottom of page