Yes, Termly covers several laws, including all of the following data protection laws in the U.S.:
Yes, Termly covers several laws, including all of the following data protection laws in the U.S.:
We update our U.S. state privacy legislation-tracking map when new laws are introduced, signed, go into force, are amended, or are updated.
U.S. data privacy laws are pieces of state-level legislation that regulate how entities collect, use, and process people’s personal data within different states, granting them various rights and describing requirements for the protection of this information.
Currently, 17 states have privacy laws — 5 are entirely in force, and 11 are scheduled to take effect over the next few years.
In addition, 13 states have drafted or pending pieces of privacy legislation moving through their various governments.
The following states have data privacy laws that are either recently signed and passed or are already enforceable:
Individual U.S. states have their own data privacy laws because there is no federal data privacy law in the country, so state lawmakers have taken the initiative to protect their residents’ data based on local concerns and specific needs.
In the U.S., federal laws apply nationwide and typically supersede state laws, while state laws safeguard the residents of the specific state.
Currently, there is no federal data privacy law in the U.S., but if one passed, it would protect everyone across the nation, possibly replacing some data privacy laws at the state level.
There is a growing number of U.S. states with privacy laws, as seen in our map above.
California has the most stringent data privacy law in the U.S., the California Consumer Privacy Act (CCPA).
It limits how entities can sell or share personal data and grants consumers more rights, including the right to pursue private action if their login credentials are compromised.
The CCPA offers consumers some of the most robust privacy rights in the U.S.
Businesses must comply with any data privacy law they meet the legal threshold for, which could include multiple U.S. state laws and legislation from other parts of the world.
Most U.S. privacy laws have extraterritorial scopes and consider different factors like where your consumers come from, where your business is located, monetary thresholds, and the amount of personal data you process.
The penalties for not complying with U.S. data privacy laws vary by state but can include substantial fines and the pausing of processing activities, and in some states, individuals can pursue civil/private action.
U.S. state data privacy laws are less strict than regulations like the GDPR, and they have more limited legal thresholds.
However, like the GDPR, most data privacy laws in the U.S. grant individuals the right to know when their data is collected and processed and to access, delete, correct, and obtain a portable copy of their personal data.
Most U.S. state data privacy laws give individuals the right to know when their data is collected and to access, correct, delete, and obtain a portable copy of their data.
Additionally, many of these laws give consumers the right to opt out of certain types of data processing, like targeted advertising and the sale of their information, or to limit the collection of their sensitive personal data.
Businesses can ensure they stay compliant with evolving U.S. data privacy laws by checking if they meet the legal threshold for new laws entering into action, updating their privacy policy, and using a consent management platform to meet opt-out requirements.
You can also use an all-in-one compliance solution like Termly to make staying up-to-date with data privacy laws even easier.
A federal data privacy bill called the American Data Privacy and Protection Act (ADPPA) gained bipartisan support. It was the closest the U.S. Congress has come to passing a U.S. national privacy law, but it’s currently at a complete stop.
Despite its lack of movement, the bill provides good insight into what America’s first-ever national privacy law might eventually look like.
While there is a low number of U.S. states with data privacy laws that are comprehensive, every state in the U.S. has a data breach notification law. While the specific requirements and timelines vary, most require businesses to notify the affected individuals or a state agency within a given timeframe.
You can find more information about your state’s data privacy laws by clicking your state in the interactive privacy legislation map above, visiting your local state government website, or checking out the website of your state’s attorney general.
 
            Termly allows our users to focus more on their business instead of spending countless hours figuring out data privacy compliance. – Jona, Senior Product Manager @ Termly