Explore consumer rights and business requirements across enacted US privacy laws and see how Privacy Automation can help.
Simplify US privacy law compliance
The current US privacy landscape is complex. Some states have fully enacted comprehensive data privacy laws while others vary in legislation maturity.
We’re here to simplify your compliance journey and support you in protecting personal data while building trust with your customers.
How OneTrust supports consumer rights and compliance
Right to access, correction, deletion and portability
Fulfilling consumer requests all starts with having an appropriate intake method for consumers to make requests to access, correct, delete, or transmit their data. Explore the chart below to see which enacted US privacy laws require these rights.
| Right to access | Right to correct | Right to delete | Right to portability | |
|---|---|---|---|---|
| California: CPRA | X | X | X | X |
| Colorado | X | X | X | X |
| Connecticut | X | X | X | X |
| Delaware | X | X | X | X |
| Florida | X | X | X | X |
| Indiana | X | X | X | X |
| Iowa | X | X | X | |
| Kentucky | X | X | X | X |
| Maryland | X | X | X | X |
| Minnesota | X | X | X | X |
| Montana | X | X | X | X |
| Nebraska | X | X | X | X |
| New Hampshire | X | X | X | X |
| New Jersey | X | X | X | X |
| Oregon | X | X | X | X |
| Rhode Island | X | X | X | X |
| Tennessee | X | X | X | X |
| Texas | X | X | X | X |
| Utah | X | X | X | |
| Virginia | X | X | X | X |
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Processing personal rights requests can be time consuming for the business. Data Subject Request (DSR) Automation expedites the entire DSAR fulfillment process by:
- Streamlining intake across your different touchpoints
- Automating identity verification
- Automating the redaction and response process
- Automating the data discovery and deletion process
Right to opt-out and limit use
Organizations that utilize the advertising ecosystem will have to pay particular attention to opt-out requests. Explore the chart below to see which enacted US privacy laws specify opt-out, right to use, and disclosure requirements.
| Right to opt-out | Right to limit use and disclosure | |||
|---|---|---|---|---|
| Sale | Profiling | Targeted advertising | Sensitive personal information | |
| California: CPRA | X | X | X | X |
| Colorado | X | X | X | Opt-in required |
| Connecticut | X | X | X | Opt-in required |
| Delaware | X | X | X | Opt-in required |
| Florida | X | X | X | Opt-in required |
| Indiana | X | X | X | Opt-in required |
| Iowa | X | X | ||
| Kentucky | X | X | X | Opt-in required |
| Maryland | X | X | X | Opt-in required |
| Minnesota | X | X | X | Opt-in required |
| Montana | X | X | X | Opt-in required |
| Nebraska | X | X | X | Opt-in required |
| New Hampshire | X | X | X | Opt-in required |
| New Jersey | X | X | X | Opt-in required |
| Rhode Island | X | X | X | Opt-in required |
| Oregon | X | X | X | Opt-in required |
| Tennessee | X | X | X | Opt-in required |
| Texas | X | X | X | Opt-in required |
| Utah | X | X | ||
| Virginia | X | X | X | Opt-in required |
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Our Consent and Preferences solution operationalizes opt-outs by:
- Automatically identifying third-party trackers
- Delivering a consumer-first preference center where preferences can be changed at any time and applied across all touchpoints
- Enforcing opt-outs and processing limitations based on preferences and opt-out requirements
- Respect user preferences and support Global Privacy Controls (GPC)
Right to notice and transparency
All enacted US privacy laws require notice and transparency be provided to those covered under the law. OneTrust Privacy Operations helps by enabling you to centrally manage policies across digital assets.
- Schedule automatic website and mobile app scans to trigger policy updates
- Use pre-built templates and sync the latest updates across your web and app properties
Risk assessments
All enacted US privacy laws (aside from Iowa and Utah) require formal risk assessments of privacy and/or security projects or procedures. OneTrust Privacy Operations integrates with your existing business processes, giving you real-time comprehensive risk discovery and actionable insights for risk mitigation. In addition to streamlining the assessment process, our Privacy Automation solution also equips you with the tools to improve your privacy program. Privacy awareness training, third-party risk management, and privacy and security incident management are available to unify and optimize your data privacy program activities.
You might also like
Webinar
Privacy Automation
Automating privacy touchpoints: Notices, consent, and DSRs made easy
Join us and learn how to simplify and scale privacy compliance by automating key consumer touchpoints.
June 12, 2025
Webinar
Privacy Management
Northeast data privacy laws: Insights & compliance strategies
This session will provide a practical roadmap to address Northeast data privacy laws, from understanding consent requirements to implementing compliant consent workflows within your operations.
June 10, 2025
Webinar
Privacy Automation
Navigating the FTC's amended COPPA Rule: Key updates and compliance strategies
This webinar covers key updates to the FTC's amended COPPA Rule. Learn revised privacy notice requirements, verifiable parental consent, governance protocols, and best practices for data retention.
February 25, 2025
Webinar
Privacy Management
2024 to 2025: Preparing for the next wave of privacy regulations
Prepare for 2025's privacy changes with this recap webinar on 2024's regulations and explore upcoming laws, trends, and compliance strategies.
January 23, 2025
Webinar
Privacy Management
Top 10 privacy moments that shaped 2024
In this webinar, DataGuidance privacy analysts will review of privacy enforcement trends in 2024, explore global AI regulations, including the EU AI Act, and discuss global privacy legislation developments in 2024.
December 19, 2024
Webinar
Privacy Management
Staying equipped for compliance: A global recap of emerging privacy laws
Join us for a global regulatory recap, where we will explore the latest privacy regulations and key developments impacting compliance in 2024 and beyond. This webinar will offer a streamlined analysis of newly adopted privacy laws, emerging AI regulations, and the evolving cyber regulations such as the NIS2 Directive.
November 20, 2024
eBook
Consent & Preferences
Mastering US opt-out requirements: A practical guide for marketers
Discover how to manage US opt-out requirements and enhance your marketing efforts with this guide. Download now to simplify compliance and build trust.
October 22, 2024
Webinar
Privacy Automation
Global regulatory update: Recent privacy developments and compliance trends
Join us for a webinar on the latest updates and emerging trends in global privacy regulations.
September 12, 2024
Webinar
Privacy Management
Preparing for child data protection laws in the US
Join DataGuidance and a panel of experts as we discuss US privacy laws the protection of minors' data.
August 07, 2024
Webinar
Privacy Management
The road to 50 states: Rhode Island joins the US privacy landscape with a new law
Rhode Island has become the 20th US State to pass a privacy law. On June 25, 2024, the Governor of Rhode Island transmitted the Data Transparency and Privacy Protection Act (RIDTPPA) without signature allowing the Act to become law. Join the webinar to learn more.
July 16, 2024
Webinar
Privacy Management
Preparing for the future of privacy in healthcare: Going beyond HIPAA compliance
Join us for a discussion on preparing your organization for healthcare privacy compliance that goes beyond HIPAA.
July 11, 2024
Webinar
Privacy Management
The road to 50 states: Minnesota and Vermont join the US privacy landscape
In this webinar, OneTrust DataGuidance and expert contributors unpack the MCPA and VDPA, examining the requirements, exceptions, and practical implications of the legislations on the data controllers and processors.
June 17, 2024
Webinar
Privacy Management
From legislation to operation: How to prepare for the new wave of US Privacy laws
Prepare your organization for the new wave of US privacy laws.
June 06, 2024
Checklist
Third-Party Risk
TPRM privacy compliance: Questions to ask when working with third parties
Download this checklist to learn what questions to ask when designing a third-party risk management program that enables privacy compliance.
May 31, 2024
Infographic
Comparing US state privacy law requirements
Download our infographic and compare the many US state privacy law requirements that have been enacted or will soon come into effect.
May 14, 2024
Webinar
Privacy Management
Federal US privacy bill on the horizon? Exploring the draft APRA & new state privacy legislation
Join OneTrust DataGuidance and expert contributors for an overview of the Kentucky Consumer Privacy Act (KCPA), Maryland's Senate Bill 0541, and the draft American Privacy Rights Act and explore how a federal bill could shape the US privacy landscape.
April 23, 2024
Infographic
Privacy Management
US state privacy laws timeline
View our timeline to understand the progression of current US state privacy laws and key dates.
April 23, 2024
Webinar
Privacy Management
Spring into action! Navigating CPRA: Ensuring compliance and protecting privacy
Join us for an interactive webinar we dive into the CPRA, which will go into force on March 29th.
March 21, 2024
Webinar
Privacy Management
The road to 50 states: New Jersey and New Hampshire join the US privacy landscape
oin OneTrust DataGuidance for a webinar highlighting the key requirements within the new US laws, New Jersey Senate Bill 332 and New Hampshire Senate Bill 255.
February 01, 2024
Webinar
Privacy Automation
Embedding Privacy by Design through PIA Automation
Join us for a webinar on Embedding Privacy by Design through PIA Automation.
January 11, 2024
Webinar
Privacy Management
Automating fulfillment of subject rights requests in the US
Learn how Privacy Rights Automation helps to fully automate privacy rights requests.
December 06, 2023
Webinar
Privacy Management
December's deadline: Ensuring compliance with Utah's privacy regulation
Join us for a webinar as we explore the impending implementation of the Utah Privacy Law, set to take effect on December 31, 2023.
November 14, 2023
Webinar
Privacy Management
The road to privacy compliance: A spotlight on Oregon & Delaware legislation
We explore the new Oregon and Delaware privacy laws, how they differ from other US privacy laws, and what they mean for your business.
September 14, 2023
Regulation Book
Privacy Management
Utah Consumer Privacy Act law book
Download the Utah Consumer Privacy Act law book and have the official UCPA text at your fingertips for when the law takes effect on December 31, 2023.
September 04, 2023
Blog
Privacy Management
The road to 50 states: Delaware and Oregon join the US privacy landscape
Get in-depth analysis on two upcoming US Privacy laws, the Oregon Consumer Privacy Act (OCPA) and the Delaware Personal Data Privacy Act (DPDPA), with OneTrust DataGuidence and a panel of experts.
August 10, 2023
Resource Kit
Privacy Management
EU-US Data Privacy Framework resource kit
Download our EU-US Data Privacy Framework resource kit to better understand the new aggreement for cross-border personal data transfers and how to educate your stakeholders.
July 20, 2023
Resource Kit
Privacy & Data Governance
US privacy resource kit
Download our US privacy resource kit designed to access a range of materials to help you understand how the US privacy landscape is evolving.
July 13, 2023
Webinar
Privacy Management
Now in effect: Colorado and Connecticut privacy laws
In this free webinar, our privacy experts delve into the new Colorado and Connecticut privacy laws and how they differ from other US state regulations.
July 12, 2023
Infographic
Consent & Preferences
Navigating Google's new CMP requirements
Adapt to Google's June 2023 CMP requirements with this infographic and confidently engage your audience while staying compliant.
June 20, 2023
Webinar
Privacy Management
New states, new dates: Preparing for Indiana, Montana, Tennessee and Florida state privacy laws
Join our expert panel where we examine upcoming privacy legislation in Indiana, Montana, Tennessee, and Florida and the key requirements of each law.
June 20, 2023
Webinar
Privacy Automation
US privacy laws on the horizon: Which states will be next?
Join our live webinar as OneTrust DataGuidence and privacy experts examine new privacy legislation in Indiana, Montana, Tennessee, Florida, and Texas.
June 15, 2023
eBook
Consent & Preferences
The ultimate guide to consent and preferences for marketers
Download this eBook and learn how marketers can apply consent and preference principles to build a relationship with their audience built on trust.
June 02, 2023
Regulation Book
Privacy Management
Colorado Privacy Act law book
The Colorado Privacy Act (CPA) comes into force on July 1. Get the law's official text right at your fingertips.
May 30, 2023
Webinar
Privacy Management
Understanding Washington's My Health My Data Act
The Washington My Health My Data Act was signed into law on April 27, 2023 and will be enacted the following year. Join OneTrust DataGuidance and a team of legal experts and get the knowledge you need for compliance.
May 18, 2023
Webinar
Privacy & Data Governance
Operationalizing the Iowa Consumer Data Protection Act
Join the Privacy experts at OneTrust for an update on the new law and learn key requirements of Iowa’s new privacy law and more.
May 16, 2023
White Paper
AI Governance
Navigating responsible AI: A privacy professional's guide
Download our white paper and learn how privacy teams help organizations establish and implement policies that ensure AI applications are responsible and ethical.
May 03, 2023
Blog
Privacy & Data Governance
Comparing US privacy law exemptions infographic
Learn how to navigate the new US privacy law exemptions and see how they compare.
May 01, 2023
Webinar
Privacy & Data Governance
Automate subject rights requests for compliance with US state privacy laws
Join this interactive webinar to learn how OneTrust Privacy Rights Automation helps you to fully automate privacy rights requests for your organization.
April 19, 2023
Webinar
Privacy & Data Governance
Iowa joins US privacy landscape with a new law
OneTrust DataGuidance’s webinar discusses Iowa’s CDPA, its similarities to other US privacy laws, its implications on organizations, and steps for compliance.
April 10, 2023
Webinar
Privacy & Data Governance
USA biometric laws: Key considerations and emerging trends
Biometric laws are emerging, and companies must ensure compliance to avoid hefty fines. Join the OneTrust DataGuidance panel of experts to learn more.
April 06, 2023 1 min read
Infographic
Privacy Management
US privacy in 2023: Top 3 compliance priorities
Businesses at different stages of privacy maturity will need to approach US privacy compliance in different ways. Download the infographic to learn more.
March 08, 2023
Webinar
Privacy & Data Governance
Assess privacy risk for compliance with US state privacy laws
Join this US Privacy Demo Series webinar to see a live demo of the OneTrust privacy risk or data protection assessments (PIA's) automation solution.
March 01, 2023
Webinar
Privacy Automation
US Privacy Masterclass - Consumer rights & opt-outs
Join us in our US Privacy Masterclass as we delve into the evolving US privacy landscape and how you can build a trust-based privacy program in 2023.
February 07, 2023
Webinar
Privacy Automation
US Privacy Masterclass - Employee rights fulfilment
Learn the steps you can take to boost employee trust in compliance with US Privacy Laws in our US Privacy Masterclass on Employee Rights Fulfilment.
February 07, 2023
Webinar
Privacy Automation
US privacy masterclass - risk and DPIAs
Join us in our US Privacy Masterclass on Risk and DPIAs to understand the operational components for risk assessments/data protection assessments.
February 06, 2023
Webinar
Privacy Automation
US privacy masterclass - retention & minimization
Our US Privacy Masterclass on Retention & Minimization will help you understand data policy requirements across US Privacy Laws.
February 06, 2023
Webinar
Privacy Management
Data Privacy Day: Protiviti & OneTrust
Join industry experts at OneTrust & Protiviti for an operational deep dive and interactive Q&A on the upcoming US State laws set to go into effect in 2023.
January 26, 2023
Checklist
Privacy Management
7 steps to CPRA compliance
Download this checklist to make sure your organization follows the right steps to implement processes that achieve California Privacy Rights Act compliance.
January 24, 2023
eBook
Consent & Preferences
The ultimate guide to US opt-out requirements
Learn about the different opt-out requirements, such as a “Do Not Sell My Personal Information” in the US privacy landscape, and how to comply with them.
January 23, 2023
eBook
Privacy & Data Governance
The ultimate guide to US privacy
Learn more about the three priorities for managing US privacy requirements, including addressing the most visible aspects of US privacy compliance.
December 12, 2022
Webinar
Privacy Management
Minimization, retention, and purpose-limitation: Evolving privacy to data governance
In this webinar, OneTrust Privacy experts discuss requirements and best practices for governing personal and sensitive data under US state privacy laws.
November 17, 2022
Webinar
Privacy Management
Expanded US consumer rights: What’s new and what should you do?
Join our experts to understand the operational impact of these newly-expanded US consumer rights and how to automate consumer rights request fulfillment.
August 25, 2022
Webinar
Privacy Management
Privacy risk assessments in the US: Why, when, and what?
In this webinar, OneTrust experts discuss requirements for conducting PIAs: why they exist, when you should do them, and what they should include.
August 24, 2022
Webinar
Privacy & Data Governance
A US federal privacy bill is on the horizon: get to know the ADPPA webinar
In this session, legal experts Michelle Schaap and Andy Lee are joined by OneTrust DataGuidance to provide an overview of what the ADPPA entails.
August 17, 2022
Webinar
Privacy Management
Establishing and enforcing retention policies
Attend our webinar, "Establishing and enforcing retention policies," part of the US Privacy Laws Masterclass Series.
July 27, 2022
eBook
Privacy & Data Governance
How to comply with the CCPA opt-out requirement
Download this guide to learn how you can comply with the CCPA's opt-out requirements to get on the right track to CCPA compliance.
July 22, 2022
White Paper
Privacy & Data Governance
How OneTrust helps with California privacy law compliance (CCPA & CPRA)
This guide to California privacy law compliance helps your organization understand the requirements under the CCPA and CPRA.
June 23, 2022
Webinar
Privacy Management
Utah and Connecticut: Latest additions to the US Privacy landscape
Watch our webinars on the latest privacy laws from Utah and Connecticut and what you need to know to prepare in 2023.
June 17, 2022
Webinar
Privacy & Data Governance
US privacy laws & regulations: answering your biggest questions
Join us for a Q&A on the several US state laws going in effect in 2023.
June 16, 2022
eBook
Privacy & Data Governance
Comparing US state privacy laws
Download this eBook and explore the key areas of US state privacy laws and how they compare.
June 15, 2022
Resource Kit
Privacy Management
Your US privacy masterclass resource kit
These resources provide key information on US privacy law through blogs, webinars, and eBooks.
April 26, 2022
Checklist
Privacy & Data Governance
6 step checklist for compliance with US privacy laws
Download our six step checklist for US privacy laws and ensure that your company remains compliant in 2023.
March 29, 2022
Webinar
Privacy & Data Governance
Utah joins the US Privacy landscape with new comprehensive law
Join us for an overview of Utah's Consumer Privacy Act (UCPA) and its impact on your organization.
March 25, 2022
Webinar
Privacy Management
Overview: Understanding the trio of US privacy laws
Attend our webinar, to better understand privacy laws in the US.
March 23, 2022
Webinar
Privacy Management
Navigating opt-out of sale vs. share
Watch our US Privacy Law masterclass to learn about opt-out of sales and share requirements and best practices for approaching compliance.
March 23, 2022
Webinar
Privacy Management
New to US privacy: Privacy impact assessments
Watch our webinar as we discuss privacy impact assessments and how they relate to US privacy laws.
March 23, 2022
Webinar
Privacy Management
US Privacy series: Effectively governing personal and sensitive personal information part 3
Watch our webinar on US privacy laws and gain insight on effective personal information managment strategies.
February 02, 2022
Webinar
Privacy Management
US Privacy series: Effectively governing personal and sensitive personal information part 2
Join us for an overview of US privacy laws and strategies for dealing with compliance.
January 11, 2022
Webinar
Privacy Management
[Part 1] US Privacy Series: Establishing a foundation for compliance
In the first part of our US Privacy Series, we discuss US privacy laws such as the CPRA and best practices towards compliance.
December 21, 2021
Infographic
Privacy & Data Governance
Employee rights under the CPRA
Download our infographic on employee rights under the CPRA to help prepare for the law's expansion in CPRA.
December 07, 2021
eBook
Privacy & Data Governance
The ultimate guide to CCPA compliance
The Ultimate Guide to CCPA Compliance eBook highlights key compliance areas of the CCPA that you should consider when building a privacy program.
December 01, 2021
eBook
Privacy & Data Governance
Download this eBook for an overview of the Virginia Consumer Data Protection Act (CDPA) to understand what it means for organizations.
Download this eBook for an overview of the Virginia Consumer Data Protection Act (CDPA) to understand what it means for organizations.
July 22, 2021
Webinar
US Privacy Masterclass: Countdown to 2023 compliance
Join this US Privacy Masterclass series as we delve into the evolving US privacy landscape and how you can build a trust-based privacy program in 2023.
Webinar
Privacy Management
US Privacy Masterclass 2022
Watch the OneTrust US Privacy Masterclass series and gain insight on the major US privacy law and best practices.
Webinar
Privacy & Data Governance
CCPA compliance masterclass
Watch our OneTrust CCPA Masterclass Series and learn how to prepare your organization for CCPA compliance.
FAQs
We’re here to help demystify US data privacy regulations. Explore answers to frequently asked questions below.
More than 17 states have enacted comprehensive privacy laws. Other states have introduced bills for committee evaluation. In addition to comprehensive state-level laws, the US also has privacy laws that govern specific types of data. For example, HIPAA is a federal law that protects sensitive patient health information and COPPA protects children’s online privacy.
Explore the DataGuidance US privacy tracker to learn more about emerging and new laws.
The EU’s General Data Protection Regulation (GDPR) focuses on a person’s right to privacy whereas much of the US legislation focuses on the data security safeguards of consumers and employees. Regardless of whether your business is located in the EU or US, or other countries with data privacy laws, if data is processed across borders, relevant privacy and data protection laws apply.
OneTrust Notice Management can simplify how you comply with the various requirements of privacy regulations.