United States Laws & Regulations

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

Recent Developments in U.S. Data Privacy and Personal Information Protection Laws

As of April 4, 2026, the United States has seen significant legislative developments in the realm of data privacy and personal information protection. This article will focus on the most recent laws and regulations, providing an overview of their names, jurisdictions, key provisions, effective dates, and practical impacts.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA), an amendment to the California Consumer Privacy Act (CCPA), was passed in November 2020 and is set to become effective on January 1, 2023. The CPRA expands upon the CCPA by providing California residents with more control over their personal information. Key provisions include:

  • The right to correct personal information held by businesses.
  • The right to limit the use and disclosure of sensitive personal information.
  • The establishment of a California Privacy Protection Agency to enforce privacy laws.

Virginia Consumer Data Protection Act (CDPA)

The Virginia Consumer Data Protection Act, enacted in March 2021, is the first comprehensive privacy law in the United States to be passed by a state legislature. It is set to become effective on January 1, 2023. The CDPA requires businesses to:

  • Provide a clear privacy notice to consumers.
  • Obtain consent for processing sensitive data.
  • Allow consumers to access, correct, and delete their personal information.

Colorado Privacy Act (CPA)

The Colorado Privacy Act, signed into law in July 2021, is set to take effect on July 1, 2023. The CPA grants Colorado residents the right to:

  • Know what personal data is collected and how it is used.
  • Access and obtain a copy of their personal data.
  • Correct inaccuracies in their personal data.
  • Delete their personal data.

Children's Online Privacy Protection Act (COPPA) Updates

In 2021, the Federal Trade Commission (FTC) proposed updates to the Children's Online Privacy Protection Act (COPPA), which protects the privacy of children under 13. The proposed amendments aim to:

  • Strengthen protections for children's data.
  • Update definitions to account for new technologies.
  • Increase penalties for non-compliance.

Health Insurance Portability and Accountability Act (HIPAA) Updates

In 2022, the Department of Health and Human Services (HHS) proposed updates to the Health Insurance Portability and Accountability Act (HIPAA) to enhance data privacy and security. Key updates include:

  • Strengthening the security and privacy of health information.
  • Enhancing the rights of individuals to access their health information.
  • Updating the enforcement process for HIPAA violations.

Practical Impact

These recent legislative developments have significant practical impacts on businesses operating in the United States. Companies must now comply with a patchwork of state-level privacy laws, each with its own set of requirements. This necessitates a comprehensive approach to data privacy and personal information protection, with businesses needing to invest in technology and resources to ensure compliance.

In conclusion, the United States has seen a surge in data privacy and personal information protection laws, with states leading the charge in enacting comprehensive legislation. Businesses must stay informed and adapt to these changes to maintain compliance and protect consumer data.

Back to all articles