6-step checklist for compliance with US privacy laws

The US has four comprehensive state privacy laws set to enter into effect in 2023. California, Virginia, Colorado, and Utah have all passed new state privacy bills over the past 18 months, and while there are some similarities to be found in the requirements of all four, there are also several key differences that organizations should be paying attention to.

Organizations that have already built compliant privacy programs for the California Consumer Privacy Act (CCPA) will be one step ahead when the provisions of the California Privacy Rights Act (CPRA) enter into effect on January 1, 2023. However, the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and the Utah Consumer Privacy Act (UCPA) all have their own varying requirements for covered businesses (the definition of which is also different across all four state laws) to meet. As a result, organizations should be looking to develop a benchmark for cross-state compliance by finding common ground while accounting for the nuances of each law.

This six-step checklist provides you with foundational processes that organizations should take into account when working towards compliance with the CPRA, CDPA, CPA, and UCPA, from the initial discovery of personal data to developing and enforcing robust data policies such as retention, minimization, and access.

By following the steps outlined in this checklist, organizations will be able to understand what personal data they have, where that data lives, and what privacy laws apply. Organizations will also understand the steps necessary to attribute consent preferences to personal information and ensure these are communicated with third parties to avoid unauthorized disclosure. This US privacy law compliance checklist also highlights the processes that organizations should be developing for handling privacy rights requests (DSARs) and performing privacy impact assessments (PIAs), where applicable.

Download the checklist and start taking the six steps towards US privacy compliance now, or follow OneTrust on LinkedIn, Twitter, or YouTube for the latest updates on US privacy.
