U.S. State Privacy Laws Resource Center

Your Resources for the CCPA, CPRA, VCDPA, CPA, CTDPA, and UCPA

Since the United States’ first comprehensive consumer privacy law, the California Consumer Privacy Act of 2018 (CCPA), became operative in California, several additional states have followed suit. The additional comprehensive U.S. state privacy laws include, the California Consumer Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). These state laws require that businesses have privacy notices that contain specific information and give consumers rights, such as the right to access, correct, and delete their personal information, to opt out of the sale of their personal information and its use for targeted advertising and automated decision-making, and to consent to, or opt out of, the use of their sensitive personal information. The laws also require businesses to protect personal information, conduct privacy assessments, and not give consumers less favorable terms when they exercise their rights. The laws also contain special protections for children, purpose limitations, data minimization requirements, and required provisions for contracts with service providers. Our team has been closely monitoring the developments related to these laws, and similar pending state bills across the United States, and we have written and presented extensively on these laws and their practical implications. We are providing the resources on these pages as an overview to help companies identify their obligations, track legislative and enforcement trends, and ultimately mitigate risk.

Featured Webinar

Exempt No More: What Does the CPRA Mean for Your HR Data?

Join Morrison & Foerster partner Kristen Mathews and of counsel Suhna Pierce for an in-depth look at how the change of exemption for employee data will impact businesses and a discussion about how to fold HR data into your compliance program.




Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.