Build your roadmap to 2023 US privacy compliance

Technology displays man and womanOver the last year, 31 states have introduced new privacy regulations, with three states passing new laws aimed at protecting the privacy of their residents. These include California’s Privacy Rights Act (CPRA) in November 2020, Virginia’s Consumer Data Protection Act (CDPA) in March 2021 and Colorado’s Privacy Acts (CPA) in July 2021. As the U.S. privacy landscape continues to evolve — with both states and Congress continuing to push for new privacy legislation — organizations will have their hands full throughout 2022. CPRA, CDPA and CPA are all set to take effect in January 2023 and become enforceable July 2023.


Organizations that fall under each law’s jurisdiction have 15 months to establish privacy programs compliant with the new requirements and must comply with the 12-month lookback requirements. Below is an overview of core privacy requirements under recent legislation, how they compare and privacy compliance activities that organizations should consider.


These requirements are forcing organizations to be prepared ahead of 2023, and adding to the complexity of implementing a holistic privacy program.

Lindsay Hohler
Principal, Privacy and Data Protection
T +1 703 847 7529

Ariana Davis
Senior Manager, Privacy and Data Protection
T +1 212 624 5336

Eric Paulson
Exp Manager, Privacy and Data Protection
T +1 443 841 2570