United States Laws & Regulations

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

As of May 13, 2026, the United States has seen significant legislative developments in the realm of data privacy and personal information protection. This article will provide an overview of the most recent laws and regulations, focusing on their jurisdiction, key provisions, effective dates, and practical impacts.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA), an amendment to the California Consumer Privacy Act (CCPA), was passed in November 2020 and is set to become effective on January 1, 2023. The CPRA expands upon the CCPA by providing California residents with additional rights and protections. Key provisions include:

  • The right to correct personal information held by businesses.
  • The right to limit the use of sensitive personal information.
  • The establishment of a California Privacy Protection Agency to enforce privacy laws.

The CPRA's practical impact is significant, as it requires businesses to reassess their data collection and processing practices to ensure compliance with the new regulations.

Children's Online Privacy Protection Act (COPPA) Updates

In 2021, the Federal Trade Commission (FTC) proposed updates to the Children's Online Privacy Protection Act (COPPA), which regulates the collection of personal information from children under 13. The proposed amendments aim to:

  • Strengthen parental consent requirements.
  • Expand the definition of personal information to include voice recordings and biometric data.
  • Increase penalties for non-compliance.

These updates, if finalized, will have a substantial impact on businesses targeting children, requiring them to implement stricter privacy measures and obtain verifiable parental consent.

Health Insurance Portability and Accountability Act (HIPAA) Updates

In 2022, the Department of Health and Human Services (HHS) proposed amendments to the Health Insurance Portability and Accountability Act (HIPAA) to enhance data privacy and security in the healthcare sector. Key provisions include:

  • Strengthening breach notification requirements.
  • Enhancing the security of electronic protected health information (ePHI).
  • Expanding the scope of the Privacy Rule to include additional entities.

These updates, once finalized, will require healthcare providers and covered entities to review and update their privacy and security practices to ensure compliance.

State-Level Privacy Acts

Several states have introduced or are considering privacy legislation, such as the Washington Privacy Act (WPA) and the New York Privacy Act (NYPA). While these acts have not yet been passed, they signal a growing trend towards comprehensive privacy protection at the state level. These acts would likely include provisions similar to the CCPA and CPRA, such as the right to access, delete, and opt-out of the sale of personal information.

Conclusion

The United States is witnessing a surge in legislative developments aimed at enhancing data privacy and personal information protection. Businesses operating in the U.S. must stay informed of these changes and prepare to adapt their practices to comply with the evolving legal landscape. As new laws and regulations continue to emerge, privacy professionals and business leaders must remain vigilant in ensuring their organizations are in compliance with these critical developments.

Back to all articles