Simplify US privacy law compliance

The current US privacy landscape is complex. Some states have fully enacted comprehensive data privacy laws, while others are at varying stages of legislative maturity.

We’re here to simplify your compliance journey and support you in protecting personal data while building trust with your customers. 

How OneTrust supports consumer rights and compliance

Explore consumer rights and business requirements across enacted US privacy laws and see how our Privacy and Data Governance Cloud can help.

Right to access, correction, deletion and portability

Fulfilling consumer requests all starts with having an appropriate intake method for consumers to make requests to access, correct, delete, or transmit their data. Explore the chart below to see which enacted US privacy laws require these rights. 

| State | Right to access | Right to correct | Right to delete | Right to portability |
|---|---|---|---|---|
| California: CPRA | X | X | X | X |
| Iowa | X | | X | X |
| Utah | X | | X | X |

Note: Cells with an 'X' indicate the corresponding law requires that particular right.

Processing personal rights requests can be time consuming for the business. OneTrust Privacy Rights Automation expedites the entire DSAR fulfillment process by:

  • Streamlining intake across your different touchpoints
  • Simplifying identity verification and data discovery
  • Automating the redaction and response process

Right to opt-out and limit use

Organizations that utilize the advertising ecosystem will have to pay particular attention to opt-out requests. Explore the chart below to see which enacted US privacy laws specify a right to opt out and a right to limit use and disclosure.

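| State | Right to opt-out: Sale | Right to opt-out: Profiling | Right to opt-out: Targeted advertising | Right to limit use and disclosure: Sensitive personal information |
|---|---|---|---|---|
| California: CPRA | X | X | X | X |
| Colorado | X | X | X | Opt-in required |
| Connecticut | X | X | X | Opt-in required |
| Delaware | X | X | X | Opt-in required |
| Florida | X | X | X | Opt-in required |
| Indiana | X | X | X | Opt-in required |
| Iowa | X | | X | X |
| Montana | X | X | X | Opt-in required |
| Oregon | X | X | X | Opt-in required |
| Texas | X | X | X | Opt-in required |
| Utah | X | | X | |
| Virginia | X | X | X | Opt-in required |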

Note: Cells with an 'X' indicate the corresponding law requires that particular right.

Our Consent and Preferences solution operationalizes opt-outs by:

  • Automatically identifying third-party trackers
  • Delivering a consumer-first preference center where preferences can be changed at any time and applied across all touchpoints
  • Enforcing opt-outs and processing limitations based on preferences and opt-out requirements

Right to notice and transparency

All enacted US privacy laws require notice and transparency be provided to those covered under the law. OneTrust Digital Policy Management helps by enabling you to centrally manage policies across digital assets.  

  • Schedule automatic website and mobile app scans to trigger policy updates 
  • Use pre-built templates and sync the latest updates across your web and app properties 

Risk assessments

All enacted US privacy laws (aside from Iowa and Utah) require formal risk assessments of privacy and/or security projects or procedures. OneTrust PIA & DPIA Automation integrates with your existing business processes, giving you real-time comprehensive risk discovery and actionable insights for risk mitigation. In addition to streamlining the assessment process, our Privacy Management solution also equips you with the tools to improve your privacy program. Privacy awareness training, third-party risk management, and privacy and security incident management are available to unify and optimize your data privacy program activities.

We’re here to help demystify US data privacy regulations. Explore answers to frequently asked questions below.

Currently, unlike Europe’s GDPR, there isn’t a comprehensive US privacy law. The enactment of the California Consumer Privacy Act of 2018 (CCPA) on January 1, 2020 marked the first comprehensive US state privacy law aimed at protecting the security of consumers’ personal data. Since then, many states have followed suit with their own privacy legislation.

More than 10 states have enacted comprehensive privacy laws. Many others have introduced bills for committee evaluation. In addition to comprehensive state-level laws, the US also has privacy laws that govern specific types of data. For example, HIPAA is a federal law that protects sensitive patient health information and COPPA protects children’s online privacy.  


Explore the DataGuidance US privacy tracker to learn more about emerging and new laws. 

The EU’s General Data Protection Regulation (GDPR) focuses on a person’s right to privacy whereas much of the US legislation focuses on the data security safeguards of consumers and employees. Regardless of whether your business is located in the EU or US, or other countries with data privacy laws, if data is processed across borders, relevant privacy and data protection laws apply. 


Our Privacy and Data Governance Cloud can simplify how you comply with the various requirements of privacy regulations. 

Ready to get started?

Request a free demo today to see how OneTrust can guide your US privacy compliance journey.