The Evolving Landscape of Data Privacy and Personal Information Protection Laws in the United States
As of May 15, 2026, the United States has seen significant legislative developments in data privacy and personal information protection. This article provides an overview of the most recent laws and regulations, focusing on their jurisdiction, key provisions, effective dates, and practical impacts.
California Privacy Rights Act (CPRA)
The California Privacy Rights Act (CPRA), an amendment to the California Consumer Privacy Act (CCPA), was passed in November 2020 and took effect on January 1, 2023. The CPRA expands upon the CCPA by providing California residents with more control over their personal information. Key provisions include:
- The right to correct inaccuracies in personal information.
- The right to limit the use of sensitive personal information.
- The establishment of a California Privacy Protection Agency to enforce privacy laws.
Virginia Consumer Data Protection Act (VCDPA)
The Virginia Consumer Data Protection Act, enacted in March 2021, took effect on January 1, 2023. This law applies to businesses that conduct business in Virginia or produce products or services targeted to Virginia residents. The VCDPA requires businesses to:
- Provide a clear and accessible privacy notice.
- Allow consumers to access and delete their personal data.
- Conduct data protection assessments for high-risk processing activities.
Colorado Privacy Act (CPA)
The Colorado Privacy Act, signed into law in July 2021, became effective on July 1, 2023. The CPA grants Colorado residents the right to:
- Know what personal data is collected and why.
- Access and obtain a copy of their personal data.
- Correct inaccuracies in their personal data.
- Delete their personal data.
Children's Online Privacy Protection Act (COPPA) Updates
In 2021, the Federal Trade Commission (FTC) proposed updates to the Children's Online Privacy Protection Act (COPPA) to strengthen protections for children's data. The proposed amendments aim to:
- Expand the definition of personal information to include behavioral data.
- Require parental consent for the collection of personal information from children under 13.
- Increase penalties for non-compliance.
Health Insurance Portability and Accountability Act (HIPAA) Updates
In 2022, the Department of Health and Human Services (HHS) proposed updates to the HIPAA Privacy Rule to enhance patient access to their health information. The updates aim to:
- Remove barriers to individuals accessing their health information.
- Clarify the right of patients to direct their health information to third parties.
- Strengthen the prohibition on discrimination against patients who exercise their rights.
Practical Impact
These legislative developments have significant practical implications for businesses operating in the United States. Companies must now navigate a complex patchwork of state and federal privacy laws, each with its own set of requirements and penalties for non-compliance. It is crucial for businesses to stay informed about these changes and ensure their data privacy practices are in line with the latest legal requirements to protect both their customers' data and their own interests.