Current State of US Privacy Laws

California Privacy Rights Act (CPRA)
- In addition to CCPA rights, beginning Jan 1st 2023 the California Consumer Privacy Act will also apply in full to human resources data. This means that the individually identifiable information of your applicants, employees, independent contractors, dependents, and other HR data of California residents will fall under CPRA. Any of these individuals will be able to request data access and/or deletion of their personal data.
- California Children Online Data and Privacy
  - https://www.gov.ca.gov/2022/09/15/governor-newsom-signs-first-in-nation-bill-protecting-childrens-online-data-and-privacy/
- California Abortion Protection Law
  - https://calmatters.org/health/2022/09/california-abortion-bills/
Virginia Privacy Law (VCDPA) will be enforced beginning Jan 1st 2023, which is similar to CPRA
Colorado Privacy Law (CPA) will be enforced beginning Jul 1st 2023
Utah Privacy Law (UCPA) will be enforced beginning Dec 31st 2023
Nevada privacy law (SB260) was enforced on Oct 1st 2021
Illinois has multiple privacy laws where state agencies and consumers need to comply:
- Personal Information Protection Act(PIPA).
- Student Online Personal Protection Act(SOPPA).
- Biometric Information Privacy Act(BIPA).
- Protecting Household Privacy Act (PHPA) enforced on Jan 1st 2022.
There are over 20 other US states where privacy laws are under review.

Secuvy is a next generation Data Security, Privacy and Governance platform using AI driven workflows to track, monitor, alert sensitive data in the cloud, on-prem, file shares and legacy systems. Secuvy correlates and creates a contextual graph of individuals to provide data in a straightforward “single pane of glass” view, allowing organizations to easily comply with global privacy and security laws.

Summary: The US is actively looking to pass a federal privacy law parallel to GDPR in Europe. Today, there are over 130 privacy laws globally and expanding. Today’s organization stores consumers, customers, employee data etc.. where they need to comply with multiple laws, else have to go through fines. Secuvy helps to automate privacy compliance tracking requirements of all current and future privacy regulations

Related Blogs

April 19, 2026

AI Pipeline Data Governance: What CISOs Need to Know in 2026

If your organization is running AI agents or has connected LLMs to internal knowledge bases, there’s a governance gap already open inside your AI program,...

Why Enterprise AI Projects Stall: The Data Problem

April 15, 2026

Why Enterprise AI Projects Stall – And What the Data Problem Actually Is

There is a number that keeps appearing in enterprise AI conversations, and most teams would rather not talk about it. 56% of enterprise AI proof-of-concept...

April 12, 2026

Why Data Sovereignty Fails Without Data Intelligence: Lessons from the Agentic AI Era

Enterprises spent years treating data sovereignty as a geography problem. But it’s always been an intelligence problem, and enterprises just didn’t know it until AI...

April 09, 2026

NVIDIA GTC Said AI Data Is a River, Not a Lake – Here’s What That Means for Your Data Pipeline

Most enterprise AI teams are solving the wrong problem first. They’re optimizing storage speed for data that was never safe or ready to use. At...

April 06, 2026

Anthropic Leaked Its Own AI Model – Because Even AI Companies Don’t Know What Data They’re Exposing

A company building the world’s most capable AI model left thousands of sensitive internal files in a publicly searchable data store. No sophisticated attacker was...

February 28, 2026

ChatGPT Enterprise vs Reality: Where Data Still Leaks

“HUMANS, as you know, make MISTAKES.” And that single fact is enough to unravel everything your ChatGPT Enterprise license promised to protect. OpenAI explicitly promises...

ChatGPT vs. Copilot vs. Claude: LLM Data Security

February 22, 2026

LLM Data Security: ChatGPT vs Copilot vs Claude Data Risks

If you believe ChatGPT Enterprise, Microsoft Copilot, and Claude are secure for enterprise use, consider these uncomfortable facts: ChatGPT has already suffered a bug that...

February 18, 2026

How Enterprises Lose Sensitive Data Through AI Assistants

ChatGPT Enterprise prevents OpenAI from training on your data, but it doesn’t stop sensitive data exposure, unauthorized transmission, or regulatory violations. The moment confidential or...

February 14, 2026

How Sensitive Data Leaks into ChatGPT Prompts (Real Enterprise Scenarios)

“ALERT: SENSITIVE INFORMATION IS LEAKING FROM YOUR SOURCE TO ANOTHER!” Your over-helpful bot would never say that. That’s because AI does exactly what it is...

February 10, 2026

For US Enterprises: How to Protect Data across ChatGPT Enterprise in 2026 (With Examples)

Did you know that Samsung banned ChatGPT & the use of Gen-AI company-wide in 2023? This decision was undertaken as an internal security incident where...

November 15, 2024

Best Practices for Data Classification in ISO 42001 Compliance

Using Data Classification for Effective Compliance When working toward ISO 42001 compliance, data classification is essential, particularly for organizations handling large amounts of data. Following...

November 12, 2024

Getting Started with Data Classification for ISO 42001 Compliance: A How-To Guide

Laying the Groundwork for ISO 42001 Compliance Starting the journey toward ISO 42001 compliance can seem complex, but with a strategic approach, companies can lay...

November 07, 2024

A Comprehensive Guide To Data Subject Access Request (DSARs)

A Data Subject Access Request (DSAR) is the means by which a consumer can make a written request to enterprises to access any personal data...

November 07, 2024

Vendor Risk Management: What is It, Why is It Important, and More

VRM deals with managing and considering risks commencing from any third-party vendors and suppliers of IT services and products. Vendor risk management programs are involved...

October 30, 2024

All About Data Discovery Tools -Characteristics And Evaluation

With organizations storing years of data in multiple databases, governance of sensitive data is a major cause of concern. Data sprawls are hard to manage...

October 30, 2024

Opt-in Vs. Opt-out Privacy Rights – All You Need to Know

There has been a phenomenal revolution in digital spaces in the last few years which has completely transformed the way businesses deal with advertising, marketing,...

October 30, 2024

CPRA vs CCPA: What You Need to Know About the Replacement of CCPA in 2023

In 2023, the California Privacy Rights Act (CPRA) will supersede the California Consumer Privacy Act (CCPA), bringing with it a number of changes that businesses...

October 09, 2024

Mastering EU AI Act Compliance Through AI-Driven Data Classification Methods

For years, tech companies have developed AI systems with minimal oversight. While artificial intelligence itself isn’t inherently harmful, the lack of clarity around how these...

September 25, 2024

Understanding AI Compliance: Key Insights for Businesses

Navigating the Shift in AI Compliance Regulations The latest revisions in the Justice Department’s corporate compliance guidelines signal a significant shift for companies that rely...

September 18, 2024

Role of Data in Ensuring Data Security

Introduction The threat landscape around data security evolves each year due to factors like a lack of robust security measures, improper data handling, and increasingly...

1 2 3 … 6 ... Next Page

Prepare for Assessments and Get AI-Ready

Gain visibility into sensitive data, reduce exposure, and produce evidence you can trust without months of deployment or manual effort.

Current State of US Privacy Laws

Current State of US Privacy Laws

Related Blogs

Prepare for Assessments and Get AI-Ready

Platform

Solutions

Learn

Company