Overview

States have been increasingly active in passing laws and proposing regulations designed to provide privacy and data security protections for consumers. Numerous states to date have adopted omnibus privacy laws and more are likely to be adopted in the near term, increasing compliance challenges for businesses. Businesses that fall under the scope of these laws will need to build a compliance strategy to ensure their privacy practices comply with the applicable law(s).

We help clients determine which state laws may apply and map out compliance strategies for privacy, data security, and data governance across organizations, including in dealing with service providers and other third parties. We help companies comply with state laws currently in effect and prepare to transition compliance approaches for the additional state laws taking effect in the future. This includes managing risks related to privacy obligations and thinking strategically about company data governance considering these multiple and ever-evolving legal landscapes.

We provide practical and solutions-based advice, integrated with our deep knowledge of these state laws and other privacy laws nationwide.

Omnibus privacy laws are in effect or will soon take effect in the following states:

  • California
    • The California Consumer Privacy Act (CCPA) took effect on January 1, 2020.
    • The California Privacy Rights and Enforcement Act (CPRA) amends the CCPA and took effect on January 1, 2023.
  • Virginia
    • The Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023.
  • Colorado
    • The Colorado Privacy Act (CPA) takes effect on July 1, 2023.
  • Connecticut
    • The Connecticut Data Privacy Act (CTDPA) takes effect on July 1, 2023.
  • Utah
    • The Utah Consumer Privacy Act (UCPA) takes effect on December 31, 2023.

  • Texas

    • The Texas Data Privacy and Security Act (TDPSA) takes effect on July 1, 2024.
  • Oregon
    • The Oregon Consumer Privacy Act (OCPA) takes effect on July 1, 2024.

  • Florida

    • The Florida Digital Bill of Rights (FDBR) was passed on May 4, 2023. If signed into law, it will take effect on July 1, 2024. The FDBR has a narrower scope of covered businesses than the other omnibus privacy laws: it targets businesses that generate $1 billion or more in global gross annual revenues and meet certain other criteria such as deriving 50% or more of its revenues from the sale of online advertising. For more information about the scope of this bill, reach out to our team.
  • Montana
    • The Montana Consumer Data Protect Act (MTCDPA) takes effect on October 1, 2024.
  • Iowa
    • The Iowa Consumer Data Protection Act (IACDPA) takes effect on January 1, 2025.
  • Delaware
    • The Delaware Personal Data Privacy Act (DPDPA) takes effect on January 1, 2025 (if the Governor signs by January 1, 2024).
  • Tennessee
    • The Tennessee Information Protection Act (TIPA) takes effect on July 1, 2025.
  • Indiana
    • The Indiana Consumer Data Protection Act (INCDPA) takes effect on January 1, 2026.

We advise clients from startups to large corporations, and across sectors including technology, telecommunications, and media; insurance; financial services; health care; advertising and marketing; and many more.

Depending on the client’s needs, we advise on both full-scale compliance and targeted questions. Our capabilities include:

  • Privacy policy and notice revisions
  • Reviewing and negotiating vendor agreements
  • Compliance training
  • Managing consumer requests
  • Managing approaches to employee and B2B data
  • Strategic advice on data governance questions
  • Developing and managing approaches to dealing with children’s data
  • Managing risks related to potential investigations and enforcement
  • Developing advocacy strategies and approaches to upcoming rulemakings

Our team of attorneys brings depth and breadth of experience to dealing with this challenging, unclear, and constantly shifting law, drawing on multidisciplinary backgrounds. Subscribe to our mailing list, as we often release new webinars, event information, and alerts regarding the latest developments and practical tips on how to navigate complex compliance obligations in this evolving legal landscape.

Recent Insights

California AG Initiates CCPA Investigations, Despite Setback in Court (July 2023)

Webinar: How to Keep Up with the Influx of New State Privacy Laws and Regulations (June 2023)

Five New States Advance Privacy Laws in May 2023 (June 2023)

State Privacy Update: California Finalizes New CCPA Regulations and Iowa Becomes the Sixth State to Adopt Comprehensive Privacy Legislation (April 2023)

Podcast: State Privacy Laws and Federal Government Contractors (April 2023)

State Privacy Update: A New Omnibus Privacy Law Passes in Iowa, Colorado Finalizes Privacy Rules (March 2023)

California Moves Closer to Finalizing Updated CCPA Regulations and Launching a New Rulemaking for Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking (February 2023)

Webinar: Staying Ahead of State Privacy Laws: Tips and Best Practices for Building Compliant Strategies for Five Key States (January 2023)

With 2023 Compliance Deadlines Looming for Several New State Privacy Laws, California and Colorado Release Draft Privacy Rules (October 2022)

Podcast: An Introduction to the California Age-Appropriate Design Code (September 2022)

California AG Issues First Fine for CCPA Violations (September 2022)

California Age-Appropriate Design Code Act to Impose Significant New Requirements on Businesses Providing Online Services, Products, or Features (August 2022)

California Privacy Protection Agency Releases Draft CPRA Regulations (July 2022)

And Then There Were Five: Connecticut Adopts Comprehensive State Privacy Law (May 2022)

Webinar: Preparing for New State Privacy Frameworks (March 2022)

Webinar: Preparing for New State Privacy Frameworks (March 2022)

Utah to Add Fourth Omnibus Privacy Law to the Growing State Patchwork (March 2022)

Webinar: Preparing for New State Privacy Frameworks (March 2022)

California Privacy Enforcement Moves Forward With Rulemaking on Horizon (February 2022)

Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)

Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)

Steps to Take in 2022 To Prepare for New State Privacy Laws (January 2022)

California Set to Begin Potentially Far-Reaching Rulemaking on Privacy (October 2021)

Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)

Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)

Webinar: Shifting U.S. Privacy Regulation: New State Laws Complicate Compliance Efforts (September 2021)

California’s New Privacy Agency Kicks Off the New CPRA Rulemaking Process (September 2021)

Colorado Legislature Passes Comprehensive Privacy Law: Five Things You Should Know About the Colorado Privacy Act (June 2021)

CCPA Compliance Reminder: Annual Privacy Policy Update (June 2021)

Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)

Five Considerations for Navigating Privacy Compliance Under Virginia’s and California’s New Laws (May 2021)

Webinar: Virginia’s New Privacy Law: How to Navigate the New Privacy Framework (April 2021)

Virginia Enacts Comprehensive Privacy Legislation (March 2021)

California Attorney General Issues Further Revisions to CCPA Opt-Out Requirements (March 2021)

Webinar: California Privacy Rights Act – What Does It Mean For You? (February 2021)

Contact Us

View all practice area professionals >

Guides

Download

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.