U.S. State Law Tracker
Comprehensive Consumer Privacy
The passage of the California Consumer Privacy Act (CCPA) is widely regarded as a watershed moment in the development of privacy laws in the United States. States already have many laws on the books to regulate specific kinds of personal information (e.g. biometrics), specific kinds of industries or use cases (e.g. education, health, financial) and specific kinds of behavior (e.g. data breach notification), but the CCPA is the first comprehensive consumer privacy law to be signed into law at the state level.
Unlike other specialized state laws, the CCPA has a much wider scope in that it applies to any business in contact with the data of a California resident. In many respects, the CCPA and the new batch of comprehensive consumer privacy bills mirror the European Union’s General Data Protection Regulation (GDPR).
Since the passage of the CCPA, legislators in a number of states have introduced legislation similar to the CCPA as a way to offer their citizens privacy protections on par with those provided by the CCPA—which you can find summarized below. To learn more about proposed amendments to the CCPA itself—visit our CCPA Amendments Tracker.
Check back for more tracking information about the various comprehensive consumer privacy bills working their ways through state legislative sessions across the country.* States highlighted in red have fewer than 30 days left in their respective legislative sessions.
United States of America (USA)
U.S. State Law Tracker
Privacy law in the United States is often described as a “patchwork” or “quilt” and nowhere is that truer than state privacy laws. From data breach notification to student privacy to biometrics, each state is unique and may regulate the same activity differently. The OneTrust privacy team actively catalogs existing state privacy laws and offers intelligent tracking of privacy-related bills moving through each state’s respective legislatures so that you can focus on what’s most important and what’s on the horizon. Read below to learn more.
Last Updated: July 24, 2019
OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.