All 50 states have data security regulations, in addition to federal laws.

Since the implementation of GDPR in Europe (May 25, 2018), 4 states have passed new legislation, and at least 22 states have proposed legislation or have enacted study bills. In addition, at least 8 federal laws are currently proposed.

  • ERI Facility
  • New Legislation
    • California California Consumer Privacy Act
    • Nevada SB220
    • Maine Act to Protect Privacy of Online Consumer Information
    • New York SHIELD Act
  • Proposed Legislation/Task Force Establishment
    • Connecticut RB1108 (TF)
    • Florida H963 (DNP)
    • Hawaii HB2572
    • Illinois Data Transparency & Privacy Act
    • Louisiana HR249 (TF)
    • Maryland Online Consumer Protection Act
    • Massachusetts SD311/S120 (TF)
    • Minnesota Consumer Data Privacy Act
    • Mississippi Consumer Privacy Act (DNP)
    • Nebraska Consumer Data Privacy Act
    • New Hampshire HB1680
    • New Jersey A2188
    • New Mexico Consumer Information Privacy Act (DNP)
    • New York NY Privacy Act
    • North Dakota HB1485 (TF)
    • Pennsylvania Consumer Data Privacy Act (DNP)
    • Rhode Island Consumer Privacy Protection Act (DNP)
    • South Carolina Biometric Data Privacy Act
    • Texas Privacy Protection Act (TF)
    • Virginia Privacy Act (DNP)
    • Washington Privacy Act (DNP)
    • Wisconsin Data Privacy Act
    • US House (Moran) Consumer Data Privacy & Security Act
    • US Senate (Cantwell) Consumer Online Privacy Rights Act
    • US Senate (Gillibrand) Data Protection Act
    • US Senate (Klobuchar) Social Media Privacy & Consumer Rights Act
    • US Senate (Rubio) American Data Dissemination Act
    • US Senate (Schatz) Data Care Act
    • US Senate (Warren) Data Breach Prevention and Compensation Act
    • US Senate (Wicker) Consumer Data Privacy Act

DNP: bill died or postponed.     TF: replaced with Task Force or Study Bill

Important Resources