Over the last year, 31 states have introduced new privacy regulations, with three states passing new laws aimed at protecting the privacy of their residents. These include California’s Privacy Rights Act (CPRA) in November 2020, Virginia’s Consumer Data Protection Act (CDPA) in March 2021 and Colorado’s Privacy Acts (CPA) in July 2021. As the U.S. privacy landscape continues to evolve — with both states and Congress continuing to push for new privacy legislation — organizations will have their hands full throughout 2022. CPRA, CDPA and CPA are all set to take effect in January 2023 and become enforceable July 2023.
Organizations that fall under each law’s jurisdiction have 15 months to establish privacy programs compliant with the new requirements and must comply with the 12-month lookback requirements. Below is an overview of core privacy requirements under recent legislation, how they compare and privacy compliance activities that organizations should consider.
Our privacy and data protection insights