The introduction of the California Consumer Privacy Act (CCPA) in 2018 was a turning point for US state privacy laws. The California Privacy Rights Act (CPRA) has since been passed, extending and amending many of the CCPA’s provisions.
Several other states have followed in the footsteps of the CCPA, introducing their own privacy bills. In 2021, Virginia and Colorado passed their own privacy laws, the Virginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA) respectively. More recently, Utah passed the Utah Consumer Privacy Act (UCPA) and Connecticut passed the Connecticut Data Privacy Act (CTDPA) becoming the fourth and fifth states respectively to introduce comprehensive privacy legislation in the US.
As more states introduce privacy laws, organizations must be aware of, and be able to manage, the varying provisions which can make cross-state compliance a complex undertaking. Use this guide to learn more about the differences between the CCPA, CPRA, CDPA, CTDPA, CPA, and UCPA.