Skip to main content
Skip to navigation

Regulatory Policy

From 5 to 11: Keeping up with new state data privacy laws

By Adrianne Appel2023-09-06T15:00:00

If multi-state businesses thought at the start of 2023 complying with a patchwork of U.S. state privacy laws was going to be a lot of work, now they must be overwhelmed.

In a few short months, the number of states sporting comprehensive privacy laws went from five to 11, plus one more in Delaware awaiting the governor’s signature.

Those states include California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, as tracked by the International Association of Privacy Professionals. There are also states, like Florida, with more lenient privacy laws on the books.

There is such variation among the laws, including when they take effect, that coming into compliance requires significant footwork, said Roy Wyman, a member at law firm Bass, Berry & Sims focusing on security and data privacy.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Podcast
Digital Transformation of Compliance podcast: Ryder CCO Pilar Caballero

2023-10-31T16:00:00Z By Kyle Brasseur

In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.
News Brief
CPPA sets sights on connected vehicles in first review

2023-08-01T19:14:00Z By Jeff Dale

The California Privacy Protection Agency is probing the data privacy practices of connected vehicle manufacturers and their technologies as part of its first enforcement review.
Premium
California privacy reg delay offers little more than short reprieve

2023-07-13T16:29:00Z By Adrianne Appel

Many businesses are breathing a sigh of relief following a court ruling that delayed enforcement of certain provisions of the California Privacy Rights Act, but companies should not rest on their laurels, according to experts.

More from Regulatory Policy

Article
Compliance told to focus on reality as Euro courts brace for slew of greenwashing cases

2025-12-30T07:00:00Z By Ruth Prickett

In 2025, the regulatory focus on greenwashing intensified globally. This trend is set to accelerate in 2026, and compliance has a key part to play in ensuring corporate statements are honest.
Article
SFO guidance on evaluating compliance programs short on specifics, experts say

2025-12-30T07:00:00Z By Neil Hodge

Companies looking for greater certainty about how they might avoid criminal prosecution for bribery, fraud, and corruption offences may find they’re going to be disappointed if they’re looking for definitive answers in the latest guidance from the U.K.’s main fraud investigator, say experts.
Article
EU loosens AI and data rules

2025-12-24T18:45:00Z By Neil Hodge

Europe has been at the forefront of designing strong—but flexible—rules around data use and the safe development of AI, but the EU recently announced plans to simplify some key measures around data privacy and AI governance, which have met with mixed responses.