United States Laws & Regulations

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

As of May 19, 2026, the United States has seen significant legislative developments in the realm of data privacy and personal information protection. This article will provide an overview of the most recent laws and regulations, focusing on their jurisdiction, key provisions, effective dates, and practical impact.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA), an amendment to the California Consumer Privacy Act (CCPA), was passed in November 2020 and is set to become effective on January 1, 2023. The CPRA expands upon the CCPA by providing California residents with additional rights and protections. Key provisions include:

  • The right to correct personal information held by businesses.
  • The right to limit the use of sensitive personal information.
  • The establishment of a California Privacy Protection Agency to enforce privacy laws.

Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act, enacted in March 2021, is set to take effect on January 1, 2023. This law applies to businesses that conduct business in Virginia or produce products or services targeted to Virginia residents. The VCDPA requires businesses to:

  • Provide a clear and accessible privacy notice.
  • Allow consumers to access and delete their personal data.
  • Conduct data protection assessments for high-risk processing activities.

Colorado Privacy Act (CPA)

The Colorado Privacy Act, passed in July 2021, is scheduled to become effective on July 1, 2023. The CPA grants Colorado residents the right to:

  • Access and delete their personal data.
  • Correct inaccuracies in their personal data.
  • Opt-out of the sale of their personal data and targeted advertising.

Children's Online Privacy Protection Act (COPPA) Updates

In 2021, the Federal Trade Commission (FTC) proposed updates to the Children's Online Privacy Protection Act (COPPA), which protects the privacy of children under 13. The proposed amendments aim to:

  • Strengthen protections for children's data.
  • Update definitions to account for new technologies and practices.
  • Increase penalties for non-compliance.

Health Insurance Portability and Accountability Act (HIPAA) Updates

The Department of Health and Human Services (HHS) has been working on updates to the Health Insurance Portability and Accountability Act (HIPAA) to address emerging privacy and security concerns. While specific amendments have not been finalized, the HHS is expected to focus on:

  • Enhancing patient access to their health information.
  • Strengthening data breach notification requirements.
  • Updating privacy rules to accommodate new technologies.

Practical Impact

These legislative developments have significant practical implications for businesses operating in the United States. Companies must now navigate a complex patchwork of state and federal privacy laws, each with its own set of requirements and penalties for non-compliance. It is crucial for businesses to stay informed about these changes and ensure their data privacy practices are in line with the latest legal requirements.

In conclusion, the United States has seen a surge in data privacy and personal information protection laws in recent years. As these laws continue to evolve, businesses must remain vigilant and adapt their practices to maintain compliance and protect consumer privacy.

Back to all articles