December 2, 2022


by: kapp


Categories: Blog

Upcoming domestic privacy laws you should know about

When it comes to the internet, we all know that anything we do or say is being tracked and stored. But what happens to all that data? And more importantly, what can we do to keep our information safe and secure? In our previous blog post, we talked about the GDPR as a privacy law and how it affects U.S. based businesses.

As a business, it’s important to be aware of the latest data privacy legislation. In the U.S., there are a few pieces of legislation that are upcoming or are in place and will have a big impact on how businesses collect and store customer data. There are five states in particular that we have highlighted below. If you have visitors to your site from one of these states, it is important to get consent from the users to collect and use their data, as well as a clear message of how their data is being used.

California (CCPA)

The first piece of legislation is the California Consumer Privacy Act (CCPA). This law went into effect on January 1, 2020, and it gives California residents the right to know what personal data companies have collected about them.

The CCPA applies to any business or organization that collects personal information about California citizens. This includes businesses that collect data for marketing purposes, such as gathering information about a user’s age, income level, occupation and interests. It also requires companies to notify consumers of any security breach they may have had. The CCPA has been created with the intention of protecting consumers from any misuse of their personal information, and it applies to both online and offline transactions.

In Nov. 2020, California approved Proposition 24 to expand the CCPA. This proposition is known as the California Consumer Privacy Rights Act (CPRA) and it goes into effect January 1, 2023. The proposition permits consumers to prevent businesses from sharing personal information, correct inaccurate personal information, and limit businesses’ use of “sensitive personal information.”

Colorado Privacy Act

Colorado SB190, also known as the Colorado Privacy Act, is a new law that was approved in July 2021 and goes into effect July 1, 2023.

The Colorado Privacy Act was passed to replace the previous law (Colorado Consumer Protection Act). The old law only required businesses to disclose what they were collecting and why they were collecting it. But there was no punishment for not following these guidelines or for not disclosing information properly.

This new law has stricter guidelines for data collectors, and it also requires them to get consent from consumers before collecting any data, even if it’s not sensitive information like an email address or phone number.

Connecticut Personal Data Privacy and Online Monitoring

Connecticut SB6, or Personal Data Privacy and Online Monitoring, is a law that was passed in 2022, and it was created to protect the privacy of people’s personal data. This law is a reaction to the Cambridge Analytica scandal, and it was created to stop the misuse of people’s personal data.

The goal of Connecticut SB6 is to protect people from having their personal information sold or distributed without their permission. It also requires companies to get consent from users before they use their data for advertising purposes. According to the Connecticut General Assembly, SB6 would “protect the privacy of personal data by limiting the use and disclosure of personal data by state agencies, including the collection and use of electronic data.”

Utah Consumer Privacy Act

Utah’s SB227 Consumer Privacy Act would require businesses to provide customers with clear and concise information about the ways their personal information is being used. This would include information about the type of data being collected, the purposes for which it is being used, and the recipients of that data.

This bill is designed to protect the privacy of Utah residents and to provide them with the information they need to make informed decisions about their personal information. SB227 also provides consumers the right to access and delete certain personal data maintained by certain businesses and opt out of the collection and use of personal data for certain purposes. The bill goes into effect Dec. 31, 2023.

Virginia Consumer Data Protection Act

Virginia’s Consumer Protection Act, SB1392, establishes a framework for controlling and processing personal data in the Commonwealth.

The bill grants consumer rights to access, correct, delete, and obtain a copy of personal data and to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling of the consumer. SB1392 also outlines responsibilities and privacy protection standards for data controllers and processors. However, the bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. Virginia’s new law effective date is just around the corner and will take effect on Jan. 1, 2023.


Privacy laws in the United States are constantly evolving and changing. Companies must continually adapt their practices to make sure they are compliant with the latest regulations. Despite the challenges, businesses must take data privacy and security seriously to protect their customers and avoid costly penalties.

If you need help implementing a privacy policy, a cookie consent manager, or answer any questions feel free to contact us.