Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws tend to have similar themes and address comparable topics, there are also important differences among them — meaning a one-size-fits-all data privacy program will not suffice. Given that the federal government has yet to pass a comprehensive consumer data privacy law, organizations must ensure they comply with the law of each applicable state and monitor this rapidly evolving regulatory environment.
For a summary comparison of U.S. state comprehensive consumer data privacy laws enacted as of June 1, 2024, download Foley’s U.S. State Comprehensive Consumer Data Privacy Law Comparison Chart. Because this chart does not cover every aspect of each state law, it should be used for informational purposes only.
Without limitation, this chart does not cover:
- State data privacy laws specific to only a particular type of data, such as the Washington My Health My Data Act
- All entity-level or data-level exemptions
- Contents of the privacy notice
- Procedures for responding to consumer rights requests
- Specific obligations when engaging service providers or other third parties
- Compliance obligations for service providers or other third parties
- Universal opt-out requirements
- Financial incentives
- Discrimination prohibitions
For more information about U.S. state comprehensive consumer data privacy laws or other data privacy matters, please contact one of the following individuals listed below or another senior member of Foley’s Technology Transactions, Cybersecurity, and Privacy Practice.