Extract from Tony Foley’s article “Five New Comprehensive State Privacy Laws Take Effect: What Businesses Need to Know”
As the calendar flipped to 2025, comprehensive state privacy laws took effect in Delaware, Iowa, Nebraska and New Hampshire, with New Jersey’s law following on Jan. 15. Thirteen states now have privacy laws in full effect, with six more states having passed laws that will take effect later this year or in 2026. Add the dozen or so states that are considering privacy legislation in their just-opened 2025 legislative sessions, and it’s more critical than ever that businesses familiarize themselves with the ins and outs of these requirements, particularly considering that there does not appear to be momentum toward a federal privacy law that would preempt the myriad state law provisions.
Businesses that have prepared a strategy for compliance with laws like the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (CDPA) are likely to have a leg up on their efforts to comply with the new laws. That said, there are some unique characteristics contained in the most recently effective laws that businesses need to account for in their compliance preparation. Let’s review each state in brief.
