Overview
States have been increasingly active in passing laws and proposing regulations designed to provide privacy and data security protections for consumers. Numerous states to date have adopted omnibus privacy laws and more are likely to be adopted in the near term, increasing compliance challenges for businesses. Businesses that fall under the scope of these laws will need to build a compliance strategy to ensure their privacy practices comply with the applicable law(s).
We help clients determine which state laws may apply and map out compliance strategies for privacy, data security, and data governance across organizations, including in dealing with service providers and other third parties. We help companies comply with state laws currently in effect and prepare to transition compliance approaches for the additional state laws taking effect in the future. This includes managing risks related to privacy obligations and thinking strategically about company data governance considering these multiple and ever-evolving legal landscapes.
We provide practical and solutions-based advice, integrated with our deep knowledge of these state laws and other privacy laws nationwide.
Omnibus privacy laws are in effect or will soon take effect in the following states:
- California
- The California Consumer Privacy Act (CCPA) took effect on January 1, 2020.
- The California Privacy Rights and Enforcement Act (CPRA) amends the CCPA and took effect on January 1, 2023.
- Virginia
- The Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023.
- Colorado
- The Colorado Privacy Act (CPA) takes effect on July 1, 2023.
- Connecticut
- The Connecticut Data Privacy Act (CTDPA) takes effect on July 1, 2023.
- Utah
- The Utah Consumer Privacy Act (UCPA) takes effect on December 31, 2023.
-
Texas
- The Texas Data Privacy and Security Act (TDPSA) takes effect on July 1, 2024.
- Oregon
- The Oregon Consumer Privacy Act (OCPA) takes effect on July 1, 2024.
-
Florida
- The Florida Digital Bill of Rights (FDBR) was passed on May 4, 2023. If signed into law, it will take effect on July 1, 2024. The FDBR has a narrower scope of covered businesses than the other omnibus privacy laws: it targets businesses that generate $1 billion or more in global gross annual revenues and meet certain other criteria such as deriving 50% or more of its revenues from the sale of online advertising. For more information about the scope of this bill, reach out to our team.
- Montana
- The Montana Consumer Data Protect Act (MTCDPA) takes effect on October 1, 2024.
- Iowa
- The Iowa Consumer Data Protection Act (IACDPA) takes effect on January 1, 2025.
- Delaware
- The Delaware Personal Data Privacy Act (DPDPA) takes effect on January 1, 2025 (if the Governor signs by January 1, 2024).
- Tennessee
- The Tennessee Information Protection Act (TIPA) takes effect on July 1, 2025.
- Indiana
- The Indiana Consumer Data Protection Act (INCDPA) takes effect on January 1, 2026.
We advise clients from startups to large corporations, and across sectors including technology, telecommunications, and media; insurance; financial services; health care; advertising and marketing; and many more.
Depending on the client’s needs, we advise on both full-scale compliance and targeted questions. Our capabilities include:
- Privacy policy and notice revisions
- Reviewing and negotiating vendor agreements
- Compliance training
- Managing consumer requests
- Managing approaches to employee and B2B data
- Strategic advice on data governance questions
- Developing and managing approaches to dealing with children’s data
- Managing risks related to potential investigations and enforcement
- Developing advocacy strategies and approaches to upcoming rulemakings
Our team of attorneys brings depth and breadth of experience to dealing with this challenging, unclear, and constantly shifting law, drawing on multidisciplinary backgrounds. Subscribe to our mailing list, as we often release new webinars, event information, and alerts regarding the latest developments and practical tips on how to navigate complex compliance obligations in this evolving legal landscape.
Recent Insights
California AG Initiates CCPA Investigations, Despite Setback in Court (July 2023)
Webinar: How to Keep Up with the Influx of New State Privacy Laws and Regulations (June 2023)
Five New States Advance Privacy Laws in May 2023 (June 2023)
Podcast: State Privacy Laws and Federal Government Contractors (April 2023)
State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules (March 2023)
Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States (January 2023)
With 2023 Compliance Deadlines Looming for Several New State Privacy Laws, California and Colorado Release Draft Privacy Rules (October 2022)
Podcast: An Introduction to the California Age-Appropriate Design Code (September 2022)
California AG Issues First Fine for CCPA Violations (September 2022)
California Privacy Protection Agency Releases Draft CPRA Regulations (July 2022)
And Then There Were Five: Connecticut Adopts Comprehensive State Privacy Law (May 2022)
Webinar: Preparing for New State Privacy Frameworks (March 2022)
Webinar: Preparing for New State Privacy Frameworks (March 2022)
Utah to Add Fourth Omnibus Privacy Law to the Growing State Patchwork (March 2022)
Webinar: Preparing for New State Privacy Frameworks (March 2022)
California Privacy Enforcement Moves Forward With Rulemaking on Horizon (February 2022)
Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
California Set to Begin Potentially Far-Reaching Rulemaking on Privacy (October 2021)
Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
California’s New Privacy Agency Kicks Off the New CPRA Rulemaking Process (September 2021)
CCPA Compliance Reminder: Annual Privacy Policy Update (June 2021)
Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)
Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)
Webinar: Virginia’s New Privacy Law: How to Navigate the New Privacy Framework (April 2021)
Virginia Enacts Comprehensive Privacy Legislation (March 2021)
California Attorney General Issues Further Revisions to CCPA Opt-Out Requirements (March 2021)
Webinar: California Privacy Rights Act – What Does It Mean For You? (February 2021)
Contact Us
Contact Us
Duane C. Pozza
202.719.4533 | dpozza@wiley.law
Joan Stewart
202.719.7438 | jstewart@wiley.law
Kathleen E. Scott
202.719.7577 | kscott@wiley.law
Related Capabilities
- Artificial Intelligence (AI)
- Connected & Autonomous Vehicles
- Cyber and Privacy Investigations, Incidents & Enforcement
- Cyber Insurance
- Digital Assets, Cryptocurrencies, and Blockchain
- Digital Health
- GDPR and Global Privacy
- State Privacy Laws
- Transactional Support and Due Diligence on Privacy and Cybersecurity
Guides
Related News & Insights
- AlertFCC Expands Privacy and Data Protection Work with States to Increase InvestigationsDecember 7, 2023Megan L. Brown, Duane C. Pozza, Kevin G. Rupy, Kathleen E. Scott, Sydney M. White, Stephen J. Conley
- Blog PostCalifornia AG Initiates CCPA Investigations, Despite Setback in CourtWiley ConnectJuly 19, 2023Kathleen E. Scott, Joan Stewart, Tyler Bridegan, Boyd Garriott
- EventHow to Keep Up with the Influx of New State Privacy Laws and RegulationsWiley WebinarJune 8, 2023Duane C. Pozza, Kathleen E. Scott, Joan Stewart
- Blog PostFive New States Advance Privacy Laws in May 2023Wiley ConnectJune 7, 2023Duane C. Pozza, Kathleen E. Scott, Joan Stewart, Kelly Laughlin