States have been increasingly active in passing laws and proposing regulations designed to provide privacy and data security protections for consumers. Five states to date have adopted omnibus privacy laws. Businesses that operate in these states or sell goods or services to residents of these states will need to build a compliance strategy to ensure their privacy practices comply with the applicable law(s). We help clients determine which state laws may apply and map out compliance strategies for privacy, data security, and data governance across organizations, including in dealing with service providers and other third parties.

Omnibus privacy laws are in effect or will soon take effect in the following states:

  • California
    • The California Consumer Privacy Act (CCPA) took effect on January 1, 2020.
    • The California Privacy Rights and Enforcement Act (CPRA) amends the CCPA and takes effect in January 1, 2023.
  • Virginia
    • The Virginia Consumer Data Protection Act (VCDPA) takes effect on January 1, 2023.
  • Colorado
    • The Colorado Privacy Act (CPA) takes effect on July 1, 2023.
  • Connecticut
    • The Connecticut Data Privacy Act (CTDPA) takes effect on July 1, 2023.
  • Utah
    • The Utah Consumer Privacy Act (UCPA) takes effect on December 31, 2023.

We help companies comply with the CCPA and prepare to transition compliance approaches for the additional state laws taking effect in 2023. This includes managing risks related to privacy obligations and thinking strategically about company data governance in light of multiple and ever-evolving legal landscapes. We provide practical and solutions-based advice, integrated with our deep knowledge of these state laws and other privacy laws nationwide.

We advise clients from startups to large corporations, and across sectors including technology, telecommunications, and media; insurance; financial services; health care; advertising and marketing; and many more.

Depending on the client’s needs, we advise on both full-scale compliance and targeted questions. Our capabilities include:

  • Privacy policy and notice revisions
  • Reviewing and negotiating vendor agreements
  • Compliance training
  • Managing consumer requests
  • Managing approaches to employee and B2B data
  • Strategic advice on data governance questions
  • Developing and managing approaches to dealing with children’s data
  • Managing risks related to potential investigations and enforcement
  • Developing advocacy strategies and approaches to upcoming rulemakings

Our team of attorneys brings depth and breadth of experience to dealing with this challenging, unclear, and constantly shifting law, drawing on multidisciplinary backgrounds. Subscribe to our mailing list, as we often release new webinars, event information, and alerts regarding the latest developments and practical tips on how to navigate complex compliance obligations in this evolving legal landscape.






Contact Us

View all practice area professionals >



By using this site, you agree to our updated Privacy PolicyTerms & Conditions, and Cookies Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.