Skip to main content
Skip to navigation

Regulatory Policy

From 5 to 11: Keeping up with new state data privacy laws

By Adrianne Appel2023-09-06T15:00:00

If multi-state businesses thought at the start of 2023 complying with a patchwork of U.S. state privacy laws was going to be a lot of work, now they must be overwhelmed.

In a few short months, the number of states sporting comprehensive privacy laws went from five to 11, plus one more in Delaware awaiting the governor’s signature.

Those states include California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, as tracked by the International Association of Privacy Professionals. There are also states, like Florida, with more lenient privacy laws on the books.

There is such variation among the laws, including when they take effect, that coming into compliance requires significant footwork, said Roy Wyman, a member at law firm Bass, Berry & Sims focusing on security and data privacy.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Podcast
Digital Transformation of Compliance podcast: Ryder CCO Pilar Caballero

2023-10-31T16:00:00Z By Kyle Brasseur

In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.
News Brief
CPPA sets sights on connected vehicles in first review

2023-08-01T19:14:00Z By Jeff Dale

The California Privacy Protection Agency is probing the data privacy practices of connected vehicle manufacturers and their technologies as part of its first enforcement review.
Premium
California privacy reg delay offers little more than short reprieve

2023-07-13T16:29:00Z By Adrianne Appel

Many businesses are breathing a sigh of relief following a court ruling that delayed enforcement of certain provisions of the California Privacy Rights Act, but companies should not rest on their laurels, according to experts.

More from Regulatory Policy

Article
Compliance must focus on corruption as EU and U.K. seek to tackle rising risks

2026-03-19T14:50:00Z By Ruth Prickett

Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.
Article
Employment law in the age of AI: Compliance considerations

2026-03-18T00:00:00Z By Jaclyn Jaeger

Employment law in the age of AI is evolving faster than many companies can keep pace. As more states enact AI laws and as more case law piles on, chief compliance officers and in-house counsel must ensure that compliance policies and procedures evolve as AI legal and compliance risks evolve.
Article
Compliance must future-proof AI projects to meet evolving regulations

2026-03-16T20:22:00Z By Ruth Prickett

AI implementations are surging, but many new systems are being abandoned after companies have invested in expensive projects. Now evolving AI regulation is adding to the list of reasons why new systems may fail. Compliance must watch emerging regulatory developments and ensure that any new AI tools are capable of ...