US Privacy
The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020 with an enforceability date of July 1, 2020, marked the first comprehensive US state privacy law. Following this, a flurry of privacy-related legislation at both the federal and state level followed. Although many of these bills failed to become law, several other states, including Colorado, Virginia, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana and Oregon have since passed privacy legislation. Moreover, a federal bill known as the American Data Privacy and Protection Act (ADPPA) is making its way through Congress. The bill is significant as it marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, the ADPPA would preempt the majority of state and local laws, rendering any similar provisions therein invalid.
With numerous states now enacting privacy legislation, and with a federal bill in the works, privacy compliance in the US has become a complex issue for companies to navigate.
​
Entry into Effect Dates
State Law Effective Date
California California Consumer Privacy Act of 2018 (CCPA) In effect
Virginia Consumer Data Protection Act (CDPA) In effect
California California Privacy Rights Act of 2020 (CPRA) In effect
Colorado Colorado Privacy Act (CPA) July 1, 2023
Connecticut Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA) July 1, 2023
Utah Consumer Privacy Act (UCPA) December 31, 2023
Florida Florida Digital Bill of Rights (FDBR) July 1, 2024
Oregon Oregon Consumer Privacy Act (OCPA) July 1, 2024
Montana Consumer Data Privacy Act (MCDPA) October 1, 2024
Iowa Iowa Consumer Data Protection Act (ICDPA) January 1, 2025
Texas Texas Data Privacy and Security Act (TDPSA) January 1, 2025
Tennessee Tennessee Information Protection Act (TIPA) July 1, 2025
Indiana Consumer Data Protection Act (ICDPA) January 1, 2026
​
If you need help in becoming and staying compliant with privacy laws in the US, please contact us!