State Privacy Laws
U.S. data privacy has entered a new era. Historically, the data privacy legal landscape has been dominated by sector-specific legislation, such as the Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act, often with a focus on cybersecurity or preventing misuse of certain types of personal information. The California Consumer Privacy Act was the first comprehensive (i.e., broad sweeping) state data privacy law added to this U.S. regulatory framework that focused on consumer protection. Since its adoption, various state-level regulatory and legislative activity has been building momentum. Today, several states have enacted or are continuing to develop comprehensive data privacy laws with requirements that apply across nearly all business sectors. Understanding the scope, applicability, and requirements of these state data privacy laws is more crucial than ever for companies operating in the U.S. While many of the recently enacted state data privacy laws became effective (i.e., operative and enforceable) in 2023, a number of new state data privacy laws will come into effect in 2024 and in the coming years, and additional data privacy legislation is also likely on the horizon.
Read our individual overviews of currently enacted comprehensive state data privacy laws to learn more. If you would like to see a chart comparison of key provisions in these laws, please contact inna.jackson@cliffordchance.com