Skip to main content
Skip to navigation

Regulatory Policy

From 5 to 11: Keeping up with new state data privacy laws

By Adrianne Appel2023-09-06T15:00:00

If multi-state businesses thought at the start of 2023 complying with a patchwork of U.S. state privacy laws was going to be a lot of work, now they must be overwhelmed.

In a few short months, the number of states sporting comprehensive privacy laws went from five to 11, plus one more in Delaware awaiting the governor’s signature.

Those states include California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, as tracked by the International Association of Privacy Professionals. There are also states, like Florida, with more lenient privacy laws on the books.

There is such variation among the laws, including when they take effect, that coming into compliance requires significant footwork, said Roy Wyman, a member at law firm Bass, Berry & Sims focusing on security and data privacy.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Podcast
Digital Transformation of Compliance podcast: Ryder CCO Pilar Caballero

2023-10-31T16:00:00Z By Kyle Brasseur

In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.
News Brief
CPPA sets sights on connected vehicles in first review

2023-08-01T19:14:00Z By Jeff Dale

The California Privacy Protection Agency is probing the data privacy practices of connected vehicle manufacturers and their technologies as part of its first enforcement review.
Premium
California privacy reg delay offers little more than short reprieve

2023-07-13T16:29:00Z By Adrianne Appel

Many businesses are breathing a sigh of relief following a court ruling that delayed enforcement of certain provisions of the California Privacy Rights Act, but companies should not rest on their laurels, according to experts.

More from Regulatory Policy

Article
Bank of England tightens liquidity requirements for U.K. banks

2026-03-25T20:37:00Z By Ruth Prickett

U.K. banks must reassess how quickly they could monetize their assets in the event of a crisis under new rules proposed by the Bank of England’s regulatory body, the Prudential Regulation Authority. The proposals are the first changes to the liquidity rules since these were updated in the aftermath of ...
Article
Europe’s groundbreaking crypto rules put at risk by delays in implementation

2026-03-24T21:25:00Z By Neil Hodge

Europe may have taken the lead in attempting to regulate cryptoasset firms before any other major jurisdiction, but a year after the ground-breaking rules came into force, it does not necessarily follow that they are robust or that the industry they are meant to hold accountable is embracing them.
Article
Compliance must focus on corruption as EU and U.K. seek to tackle rising risks

2026-03-19T14:50:00Z By Ruth Prickett

Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.