top of page

Navigating the US Privacy Patchwork: A Guide for Businesses

The landscape of data privacy in the US is rapidly evolving. In the absence of a single federal law, individual states are taking the lead, enacting comprehensive privacy legislation to protect consumer data. This creates a complex patchwork of regulations for businesses to navigate.

LFG Security Consulting is here to guide you through this dynamic environment. This blog post provides a comprehensive overview of current and upcoming US state privacy laws, highlighting key aspects and how LFG can help your business achieve compliance.

Current Active Laws (as of March 20, 2024):



Effective Date

Key Provisions


California Privacy Rights Act (CPRA)

July 1, 2023

Right to access, delete, and correct data. Right to opt-out of sale of personal information.


Colorado Privacy Act (CPA)

July 1, 2023

Similar to CPRA, with additional focus on data minimization and opt-in for targeted advertising.


Connecticut Personal Data Privacy and Protection Act

July 1, 2023

Right to access, correct, and delete data. Right to opt-out of sale of personal information.


Utah Consumer Privacy Act (UCPA)

December 31, 2023

Right to access, correct, and delete data. Right to opt-out of targeted advertising.


Virginia Consumer Data Protection Act (VCDPA)

January 1, 2023

Right to access, correct, and delete data. Right to opt-out of targeted advertising and sale of personal information.


Iowa House File 891

July 1, 2023

Protects personal information of children under 16.


Indiana Senate Bill 5

July 1, 2023

Right to access and delete data.


Tennessee Consumer Privacy Act

July 1, 2023

Right to access, correct, and delete data.


Oregon Data Protection Act (ODPA)

December 8, 2022 (enforcement starts December 8, 2023)

Similar to CPRA, with a focus on data minimization.


Montana Consumer Privacy Act

April 29, 2023

Right to access, correct, and delete data. Right to opt-out of sale of personal information.


Texas Privacy Protection Act

September 1, 2023

Right to access and correct data.


Delaware Personal Information Protection Act

March 22, 2022 (enforcement starts March 22, 2023)

Right to access and correct data.


Florida Personal Information Protection Act

July 1, 2023

Right to access data.

Laws Likely Coming Soon:

  • New Jersey: The New Jersey Privacy Act (NJPA) is currently in the works and expected to be enacted in 2024. It's anticipated to have similarities to the CPRA.

  • Massachusetts: The Massachusetts Privacy Act (MAPA) is another bill under consideration, with potential passage in 2024 or later. It's expected to focus on data minimization and consumer control.

  • North Carolina: The North Carolina Privacy Act (NCPA) is in the early stages of discussion.

Commonalities Across State Laws:

Despite variations, these state privacy laws share some core principles:

  • Consumer Rights: Consumers gain rights to access, correct, delete, and opt-out of the sale of their personal data.

  • Data Minimization: Businesses are encouraged to collect only the data necessary for their operations.

  • Transparency: Businesses must provide clear and accessible information about data collection practices.

  • Non-discrimination: Consumers cannot be penalized for exercising their data privacy rights.

How LFG Security Consulting Can Help:

LFG Security Consulting offers a comprehensive approach to navigating the US privacy landscape. Here's how we can help your business:

Compliance Gap Assessment: We will assess your current data privacy practices against relevant state laws to identify any gaps in compliance

Prioritization and Strategy: Prioritize which laws require immediate action based on your business footprint and data practices.

Policy and Procedure Development: Develop or update your data privacy policies and procedures to ensure compliance.

Implementation Support: Assist with implementing technical controls and processes to manage data access requests and deletion.

Training and Awareness: Provide training for your employees on data privacy best practices.

Our Compliance Process:

LFG will lead you through a structured process to ensure compliance:

Discovery & Assessment: We'll understand your business model, data flows, and current privacy posture.

Inventory & Mapping: Identify the data you collect, store, and process, and map it against relevant state laws.

Gap Analysis & Prioritization: Assess compliance gaps and prioritize actions based on urgency and risk.

Remediation & Implementation: Develop a roadmap for closing gaps, including policy updates, technical controls, and training.

Ongoing Monitoring & Maintenance: Provide ongoing support to maintain compliance as laws evolve.


The US data privacy landscape is dynamic, but with LFG Security Consulting as your partner, you can navigate this complexity with confidence. Our comprehensive approach will help you achieve compliance with current and upcoming state laws, protecting your business and your customers' privacy.

Contact LFG Security Consulting today to discuss your data privacy needs!



bottom of page