U.S. State Privacy Laws Resource Center

Your Resources for the CCPA, CPRA, VCDPA, CPA, CTDPA, and UCPA

Since the United States’ first comprehensive consumer privacy law, the California Consumer Privacy Act of 2018 (CCPA), became operative in California, several additional states have followed suit. The additional comprehensive U.S. state privacy laws include, the California Consumer Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). These state laws require that businesses have privacy notices that contain specific information and give consumers rights, such as the right to access, correct, and delete their personal information, to opt out of the sale of their personal information and its use for targeted advertising and automated decision-making, and to consent to, or opt out of, the use of their sensitive personal information. The laws also require businesses to protect personal information, conduct privacy assessments, and not give consumers less favorable terms when they exercise their rights. The laws also contain special protections for children, purpose limitations, data minimization requirements, and required provisions for contracts with service providers. Our team has been closely monitoring the developments related to these laws, and similar pending state bills across the United States, and we have written and presented extensively on these laws and their practical implications. We are providing the resources on these pages as an overview to help companies identify their obligations, track legislative and enforcement trends, and ultimately mitigate risk.

Featured Webinar