Overview
States have been increasingly active in passing laws and proposing regulations designed to provide privacy and data security protections for consumers. Five states to date have adopted omnibus privacy laws. Businesses that operate in these states or sell goods or services to residents of these states will need to build a compliance strategy to ensure their privacy practices comply with the applicable law(s). We help clients determine which state laws may apply and map out compliance strategies for privacy, data security, and data governance across organizations, including in dealing with service providers and other third parties.
Omnibus privacy laws are in effect or will soon take effect in the following states:
- California
- The California Consumer Privacy Act (CCPA) took effect on January 1, 2020.
- The California Privacy Rights and Enforcement Act (CPRA) amends the CCPA and takes effect in January 1, 2023.
- Virginia
- The Virginia Consumer Data Protection Act (VCDPA) takes effect on January 1, 2023.
- Colorado
- The Colorado Privacy Act (CPA) takes effect on July 1, 2023.
- Connecticut
- The Connecticut Data Privacy Act (CTDPA) takes effect on July 1, 2023.
- Utah
- The Utah Consumer Privacy Act (UCPA) takes effect on December 31, 2023.
We help companies comply with the CCPA and prepare to transition compliance approaches for the additional state laws taking effect in 2023. This includes managing risks related to privacy obligations and thinking strategically about company data governance in light of multiple and ever-evolving legal landscapes. We provide practical and solutions-based advice, integrated with our deep knowledge of these state laws and other privacy laws nationwide.
We advise clients from startups to large corporations, and across sectors including technology, telecommunications, and media; insurance; financial services; health care; advertising and marketing; and many more.
Depending on the client’s needs, we advise on both full-scale compliance and targeted questions. Our capabilities include:
- Privacy policy and notice revisions
- Reviewing and negotiating vendor agreements
- Compliance training
- Managing consumer requests
- Managing approaches to employee and B2B data
- Strategic advice on data governance questions
- Developing and managing approaches to dealing with children’s data
- Managing risks related to potential investigations and enforcement
- Developing advocacy strategies and approaches to upcoming rulemakings
Our team of attorneys brings depth and breadth of experience to dealing with this challenging, unclear, and constantly shifting law, drawing on multidisciplinary backgrounds. Subscribe to our mailing list, as we often release new webinars, event information, and alerts regarding the latest developments and practical tips on how to navigate complex compliance obligations in this evolving legal landscape.
California
- Webinar: Preparing for New State Privacy Frameworks (March 2022)
- California Privacy Enforcement Moves Forward With Rulemaking on Horizon (February 2022)
- Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
- California Set to Begin Potentially Far-Reaching Rulemaking on Privacy (October 2021)
- Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
- California’s New Privacy Agency Kicks Off the New CPRA Rulemaking Process (September 2021)
- CCPA Compliance Reminder: Annual Privacy Policy Update (June 2021)
- Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)
- California Attorney General Issues Further Revisions to CCPA Opt-Out Requirements (March 2021)
- Webinar: California Privacy Rights Act – What Does It Mean For You? (February 2021)
Colorado
- Webinar: Preparing for New State Privacy Frameworks (March 2022)
- Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
- Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
- Colorado Legislature Passes Comprehensive Privacy Law: Five Things You Should Know About the Colorado Privacy Act (June 2021)
Connecticut
Utah
Virginia
- Webinar: Preparing for New State Privacy Frameworks (March 2022)
- Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)
- Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)
- Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)
- Webinar: Virginia’s New Privacy Law: How to Navigate the New Privacy Framework (April 2021)
- Virginia Enacts Comprehensive Privacy Legislation (March 2021)
Contact Us
Contact Us
Duane C. Pozza
202.719.4533 | dpozza@wiley.law
Joan Stewart
202.719.7438 | jstewart@wiley.law
Kathleen E. Scott
202.719.7577 | kscott@wiley.law
Related Capabilities
- Artificial Intelligence (AI)
- Connected & Autonomous Vehicles
- Cyber and Privacy Investigations, Incidents & Enforcement
- Cyber Insurance
- Digital Assets, Cryptocurrencies, and Blockchain
- Digital Health
- GDPR and Global Privacy
- State Privacy Laws
- Transactional Support and Due Diligence on Privacy and Cybersecurity
Guides
Related News & Insights
- EventHow to Keep Up with the Influx of New State Privacy Laws and RegulationsWiley WebinarJune 8, 2023Duane C. Pozza, Kathleen E. Scott, Joan Stewart
- Blog PostThe FTC Safeguards Rule: A Deep Dive into the Revisions Effective June 9, 2023Wiley ConnectMay 25, 2023Duane C. Pozza, Antonio J. Reynolds, Kathleen E. Scott, Stephen J. Conley
- Blog PostState Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy LegislationWiley ConnectApril 7, 2023Duane C. Pozza, Kathleen E. Scott, Joan Stewart, Scott Bouboulis
- PodcastState Privacy Laws and Federal Government ContractorsWiley Government ContractsMarch 29, 2023Craig Smith, Kathleen E. Scott, Joan Stewart