Blog
State Privacy Laws Effective Dates
Nineteen states have passed comprehensive data privacy laws. 2024 was a busy year on that front, both for new laws being passed and laws going into effect. Coming into 2024, privacy laws in California, Virginia, Colorado, Connecticut, and Utah had already gone into effect. 2024 saw three additional state laws become enforceable, and as we roll into 2025, many more laws are going into effect. Here is a breakdown of the state privacy laws that have recently taken effect and those that will go into effect in 2025.
State Privacy Laws Effective in 2024
The following three laws became effective this year:
- The Oregon Consumer Privacy Act was enacted on July 1st, 2024. It has a thirty-day cure period that expires on January 1st, 2026. Violations can result in fines of up to $7500.
- The Texas Data Privacy and Security Act also took effect on July 1st. It has a thirty-day cure period and fines of up to $7500 per violation.
- The Montana Consumer Data Privacy Act became enforceable on October 1st, 2024. This law has a sixty-day cure period. Penalty amounts are not specified in the law.
Laws Going into Effect in 2025
2025 will be an active year for state data privacy laws, with eight scheduled to go into effect. The effective dates are:
January 1st
- The Delaware Personal Data Privacy Act has a sixty-day right to cure that expires on December 31st, 2025. The law does not specify fine amounts.
- The Iowa Privacy Law has a ninety-day cure period and fines can be as high as $7500 per violation.
- The Nebraska Data Privacy Act has a thirty-day cure period and a fine amount of up to $7500 per violation.
- The New Hampshire Privacy Law has a sixty-day cure period that expires on December 31, 2025. The law does not include a specific fine amount.
January 16th
- The New Jersey Privacy Law has a thirty-day cure period that expires in July of 2026. There is no specified penalty amount.
July 1st
- The Tennessee Information Protection Act contains a sixty-day cure period and a maximum fine of $15,000 per violation.
July 31st
- The Minnesota Consumer Data Privacy Act has a thirty-day cure period that expires on January 1st, 2026. The maximum penalty is $7500 for each violation.
October 1st
- The Maryland Online Data Privacy Act has a sixty-day cure period that expires on April 1st, 2027. The law doesn’t specify penalty amounts.
Enforceable in 2026
Indiana, Kentucky, and Rhode Island have privacy laws scheduled to go into effect on January 1st, 2026.
State legislatures will reconvene in early 2025 and we will likely see more states pass comprehensive data privacy laws. CompliancePoint is always monitoring regulatory updates, so be sure to check our blog page and follow us on LinkedIn to stay up to date on any new laws.
The CompliancePoint team of privacy professionals can help your organization comply with all state laws and avoid the associated risks. Contact us today at connect@compliancepoint.com to learn more about how we can help you.
Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.
