Words, words, words

DATA SUBJECT RIGHTS

 

STATE

ACCESS

OBTAIN LIST OF SPECIFIC THIRD PARTIES

DATA PORTABILITY

DELETE

CORRECT

OPT-OUT OF SALE

OPT-OUT OF TARGETED ADVERTISING

OPT-OUT OF PROFILING

SENSITIVE DATA (OPT-IN, OPT-OUT, LIMIT USE)

California

X

In Progress

Limit Use

Virginia

X

Opt-In

Colorado

X

Opt-In

Connecticut

X

Opt-In

Utah

X

X

X

Opt-Out

Texas

X

Opt-In

Florida

X

Opt-In

Montana

X

Opt-In

Iowa

X

X

X

Opt-Out

Tennessee

X

Opt-In

Indiana

X

Opt-In

Oregon

Opt-In

Delaware

X

Opt-In

 

 

 

DATA SUBJECT RIGHTS (cont.)

 

STATE

NO DISCRIMINATION

RIGHT TO APPEAL DENIAL

AUTHORIZED AGENTS

OPT-OUT SIGNALS

DAYS TO RESPOND TO REQUESTS

VERIFY/AUTHENTICATE IDENTITY OF REQUESTING CONSUMER

California

X

 15 business days for requests to opt-out and limit use

45 calendar days for other requests

Virginia

X

X

45 calendar days

Colorado

45 calendar days

Connecticut

45 calendar days

Utah

X

X

X

45 calendar days

Texas

45 calendar days

Florida

X

X

45 calendar days

Montana

45 calendar days

Iowa

X

X

45 calendar days

Tennessee

X

X

45 calendar days

Indiana

X

X

45 calendar days

Oregon

45 calendar days

Delaware

45 calendar days

 

 

DATA CONTROLLER OBLIGATIONS

 

STATE

DPIA

DATA MINIMIZATION

PURPOSE LIMITATION

PRIVACY POLICY

FINANCIAL INCENTIVE NOTICE

DATA SECURITY

PROCESSOR/SERVICE PROVIDER/CONTRACTOR CONTRACT REQUIREMENT

THIRD PARTY CONTRACT REQUIREMENT

California

In Progress

Virginia

X

X

Colorado

X

Connecticut

X

X

Utah

X

X

X

Texas

X

X

Florida

X

X

Montana

X

X

Iowa

X

X

X

Tennessee

X

X

Indiana

X

X

Oregon

X

X

Delaware

X

X

 

 

 

 

 

 

EXEMPTIONS

 

STATE

GENERALLY APPLIES TO NON-PROFITS

APPLIES TO CONSUMERS ENGAGED IN COMMERCIAL OR EMPLOYMENT CONTEXT (B2B AND HR)

GLBA EXEMPTION

HIPAA EXEMPTION

California

X

Data only

Data only

Virginia

X

X

Financial Institution

Covered Entity and Business Associate

Colorado

X

Financial Institution

Data only

Connecticut

X

X

Financial Institution

Covered Entity and Business Associate

Utah

X

X

Financial Institution

Covered Entity and Business Associate

Texas

X

X

Financial Institution

Covered Entity and Business Associate

Florida

X

X

Financial Institution

Covered Entity and Business Associate

Montana

X

X

Financial Institution

Covered Entity and Business Associate

Iowa

X

X

Financial Institution

Covered Entity and Business Associate

Tennessee

X

X

Financial Institution

Covered Entity and Business Associate

Indiana

X

X

Financial Institution

Covered Entity and Business Associate

Oregon

X

Data and Certain Financial Institutions

Data only

Delaware

X

Financial Institution

Data only

 

 

 

 

 

 

THE LEGISLATION

 

STATE

ENACTMENT

EFFECTIVE DATE

LINK

California

California Privacy Rights Act

January 1, 2023

View the law

Virginia

Virginia’s Consumer Data Protection Act

January 1, 2023

View the law

Colorado

Colorado Privacy Act

July 1, 2023

View the law

Connecticut

Connecticut Data Privacy Act

July 1, 2023

View the law

Utah

Utah Consumer Privacy Act

December 31, 2023

View the law

Texas

Texas Data Privacy and Security Act

July 1, 2024

View the law

Florida*

Florida Digital Bill of Rights

July 1, 2024

View the law

Oregon

Oregon Consumer Privacy Act

July 1, 2024

View the law

Montana

Montana Consumer Data Privacy Act

October 1, 2024

View the law

Iowa

Iowa Consumer Data Protection Act

January 1, 2025

View the law

Delaware

Delaware Personal Data Privacy Act

January 1, 2025 (pending signature)

View the law

Tennessee

Tennessee Information Protection Act

July 1, 2025

View the law

Indiana

Indiana Consumer Data Protection Act

January 1, 2026

View the law

 

 

* The Florida Digital Bill of Rights is arguably a comprehensive privacy law, but it applies under narrow circumstances (e.g., among other things, companies that

 have over $1 billion in global gross annual revenues).

Additional Words