Jul 28, 2025
Fair Credit Reporting Act (FCRA): An overview
The Fair Credit Reporting Act (FCRA) promotes transparency, empower consumers, and reduces risks of privacy violations and discrimination based on financial history in the US. We look at who the FCRA applies to, key provisions, and steps that businesses can take to protect individuals’ credit data.
Jul 11, 2025
US data privacy laws by state: Effective dates and general thresholds
Each state-level data privacy law in the United States has its own effective date and compliance thresholds involving operational data processing and/or revenue. We’ve assembled this information for all current US state-level data privacy laws to support data privacy compliance across the US.
Jun 25, 2025
California Invasion of Privacy Act (CIPA): An overview
The California Invasion of Privacy Act (CIPA) has been around for decades, passed to protect confidential communications and requiring consent for monitoring and recording. Updates to tracking technology have kept it relevant. We look at CIPA’s requirements, consumers’ rights, and more.
Apr 22, 2025
Six class action lawsuits filed in California over alleged tracking after users opted-out via CMPs
Enforcement of data privacy regulations is ramping up in the United States as more such laws come into force. We look at six class action lawsuits filed in California and dig into the alleged violations, how consent management was involved, and how companies can achieve better data and privacy compliance.
Apr 17, 2025
The Trump administration, DOGE, and data privacy
The second Trump administration has stated goals of streamlining and rooting out fraud. Central to those efforts is the Department of Government Efficiency. However, their actions have sparked concerns and legal challenges around security and data privacy in the US and abroad.
Mar 26, 2025
Data brokers and data privacy: Monetization, regulation, and how they affect consumers
Data brokers obtain personal data from a wide variety of sources, aggregate and analyze it, and sell it to many companies, agencies, and industries. The business is highly lucrative. We look at what data gets collected, from where, how it’s used and monetized, and what laws regulate this industry.
Feb 11, 2025
Understanding the New York SHIELD Act
The New York SHIELD Act affects any business handling New York state residents' private information. With specific security requirements, breach notification deadlines, and new protected data categories from March 2025, businesses worldwide must understand their obligations.
Feb 7, 2025
US data privacy laws by state: rights and requirements
In 2025 more US state privacy laws will come into effect than in any previous year, though federal legislation remains stalled. We compare what US state-level data privacy laws mean for consumers and businesses.
Jan 31, 2025
American Data Privacy and Protection Act (ADPPA) – an overview
The American Data Privacy and Protection Act (ADPPA), if enacted, would have established the first comprehensive federal data privacy law in the US. Learn about privacy requirements, enforcement mechanisms, and special obligations for large data holders.
Jan 28, 2025
Oregon Consumer Privacy Act (OCPA): An Overview
The Oregon Consumer Privacy Act (OCPA), in effect since July 1, 2024, imposes obligations on businesses operating in Oregon. Companies must comply with its provisions regarding the processing, sharing, and protection of Oregon residents’ personal data.
Jan 10, 2025
Gramm-Leach-Bliley Act (GLBA): An overview
The GLBA establishes privacy and security requirements for financial institutions to protect consumer data. In this article, we explore who the GLBA applies to, the Act’s key provisions, and the compliance steps for businesses to take to safeguard consumers’ sensitive financial information.
Dec 20, 2024
The Video Privacy Protection Act (VPPA) explained
The Video Privacy Protection Act (VPPA) was passed in 1988 to protect video rental history and viewing data. Today, its application extends to online video platforms like streaming services. Learn how US courts are interpreting the law and what steps to take for your business to comply.
Dec 5, 2024
CalOPPA: Understanding the California Online Privacy Protection Act
If your website collects personally identifiable information from California residents, you may be subject to the California Online Privacy Protection Act (CalOPPA). We break down who must comply, what the law requires, and how to create a privacy policy that aligns with CalOPPA’s standards.
Oct 11, 2024
Health Insurance Portability and Accountability Act (HIPAA): An overview
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that came into effect in 1996. It covers collection, use, and security requirements for protected health information in healthcare and healthcare insurance industries.
Sep 20, 2024
Rhode Island Data Transparency and Privacy Protection Act explained
The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) takes effect January 1, 2026, introducing important safeguards for data privacy and customer rights in the state. Businesses must familiarize themselves with the law and its implications for data handling practices.
Sep 19, 2024
California Consumer Privacy Act (CCPA) – an overview
In effect since January 1, 2020, the California Consumer Privacy Act (CCPA) was the first US state-level consumer privacy law. It established consumers’ rights, set obligations for businesses, and influenced subsequent privacy regulations in other states.
Sep 17, 2024
Utah Consumer Privacy Act (UCPA): an overview
The UCPA provides rights to consumers and places responsibilities on businesses to protect consumer data and use it compliantly. We explore its key provisions and what they mean for both consumers and companies.
Aug 19, 2024
Minnesota Consumer Data Privacy Act (MCDPA) – an overview
The Minnesota Consumer Data Privacy Act (MCDPA) takes effect on July 31, 2025, establishing new standards for data privacy and consumer protection in the state. Businesses preparing for compliance must understand the key provisions and implications for consumer rights to ensure a smooth transition.
Jul 30, 2024
Kentucky Consumer Data Protection Act (KCDPA) — an overview
The Kentucky Consumer Data Protection Act (KCDPA) goes into effect on January 1, 2026. Businesses that operate in the state and process the personal data of Kentucky residents must be ready to comply with its provisions or risk facing civil penalties.
Jun 28, 2024
Maryland Online Data Privacy Act: an overview
The Maryland Online Data Privacy Act takes effect on October 1, 2025. It includes stricter privacy compliance requirements than other US states and impacts businesses that operate in Maryland.
Jun 25, 2024
Nebraska Data Privacy Act: an overview
The Nebraska Data Privacy Act comes into effect on January 1, 2025 and has significant regulatory implications for businesses operating in the state.
Apr 15, 2024
New Hampshire Data Privacy Act (NHDPA): An Overview
The New Hampshire Privacy Act is the 14th state-level data privacy law passed in the United States. It was the first data privacy bill passed in 2024, on January 18, prior to New Jersey’s, but New Hampshire’s governor signed it into law later, on March 6. It comes into effect January 1, 2025.
Apr 5, 2024
New Jersey Data Privacy Act (NJDPA): An Overview
The New Jersey Data Privacy Act is the 15th state-level data privacy law passed in the United States. It was the second data privacy bill passed in 2024, after New Hampshire’s, but New Jersey’s governor signed it into law on January 16, 2024. It comes into effect one year from that date.
Mar 20, 2024
The Virginia Consumer Data Protection Act (VCDPA) explained: key points and implications
The Virginia Consumer Data Protection Act was the second US state-level privacy law passed, in effect from January 1, 2023. It establishes consumers’ rights and companies’ responsibilities, and has been influential over subsequent data privacy laws passed in other states.
Feb 28, 2024
California Privacy Rights Act (CPRA) enforcement is starting: what you need to know
The California Privacy Rights Act (CPRA) has been in effect since January 1, 2023. CPRA enforcement was delayed due to a legal challenge but the law is now enforceable as of early February 2024, managed by the California Privacy Protection Agency (CPPA).
Jan 5, 2024
Delaware Personal Data Privacy Act (DPDPA): An Overview
The Delaware Personal Data Privacy Act is the twelfth state-level data privacy law passed in the United States. It’s considered one of the more consumer-friendly state-level data privacy laws. The DPDPA was signed by Delaware’’s governor on September 11, 2023 and comes into effect January 1, 2025.
Jul 28, 2023
Understanding the Florida Digital Bill of Rights (FDBR): A complete overview
The Florida Digital Bill of Rights is the tenth state-level data privacy law passed in the United States, with a critical focus on online social media platforms and the protection of children.
Jul 27, 2023
Texas Data Privacy and Security Act (TDPSA): An Overview
The Texas Data Privacy and Security Act is the eleventh comprehensive state-level data privacy law passed in the United States, signed into law within days of Florida’s regulation.
Jun 29, 2023
Indiana Consumer Data Protection Act (INCDPA): An Overview
The Indiana Consumer Data Protection Act is the seventh state-level data privacy law passed in the United States, signed into law May 1, 2023.
Jun 22, 2023
Montana Consumer Data Privacy Act (MTCDPA): An Overview
The Montana Consumer Data Privacy Act is the ninth state-level data privacy law passed in the United States, signed into law the same day as Tennessee’s.
Jun 21, 2023
Tennessee Information Protection Act (TIPA): An Overview
The Tennessee Information Protection Act is the eighth state-level data privacy law passed in the United States, signed into law the same day as Montana’s.
May 31, 2023
California's Privacy Scrutiny: What Should App Publishers Prepare For?
California regulators have set their sights on mobile app compliance with CCPA in 2023, and app makers with users in the Golden State need to be prepared. In this article, we cover what legislators are looking at and how you can turn this threat into an opportunity with optimized consent management.
May 25, 2023
Iowa Consumer Data Protection Act (ICDPA): An Overview
The Iowa Consumer Data Protection Act is the sixth state-level data privacy law passed in the United States and like Utah’s is considered quite “business-friendly”.
Mar 8, 2023
Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA) and Amendment SB-260: An Overview
The NPICICA precedes California’s data privacy laws and is more specific to data privacy on websites and other online properties.
Dec 16, 2022
Connecticut Data Privacy Act (CTDPA): An overview
The Connecticut Data Privacy Act is the fifth state-level privacy law passed in the United States and is the most consumer-friendly one to date.
Nov 3, 2021
Children’s Online Privacy Protection Act (COPPA) - An Overview
The Children’s Online Privacy Protection Act is a federal law in the United States that came into effect in 2000 and protects personal information of children under 13.
Oct 19, 2021
Colorado Privacy Act: An overview
The Colorado Privacy Act is the third state-level privacy law passed in the US. It reflects consistency with other states’ laws and evolving legal thought.