State Data Privacy Laws
Stay informed about your privacy rights with our comprehensive guide to state data privacy laws. This page provides a complete overview of the current data protection regulations across U.S. states, helping you understand how your personal information is safeguarded.
Georgia Data Privacy Laws
Whenever you engage in an online activity, organizations collect information about you. Consumers expect businesses to care for their data and safeguard it from bad actors. Data privacy laws exist to set standards on what an organization can and can’t do with the information it collects. They also provide a means for consumers to hold businesses accountable for failing to safely secure their data after a data breach.
New York Data Privacy Laws
In New York and nationwide, data privacy laws aim to protect consumers and their personal information from being accessed by unauthorized third parties. Data breaches can cause significant damage to victims’ lives, and identity theft is a real threat. Privacy laws in New York aim to prevent data breaches and give residents the information and access they need to protect themselves after a breach occurs.
Pennsylvania Data Privacy Laws
In today’s world, major data breaches are a frequent occurrence, and Pennsylvania residents aren’t immune. These breaches can target your Social Security number, bank accounts, and even your genetic information.
Maryland Data Privacy Laws
Maryland’s data privacy laws are designed to protect residents from the misuse and unauthorized exposure of their personal information. With new legislation like the Maryland Online Data Privacy Act of 2024, businesses operating in the state must follow strict requirements for collecting, storing, and sharing consumer data. If you’re one of the many state residents who’ve gotten a notice regarding a data breach recently, you may be rightly worried about your data and concerned about your next step.
Texas State Data Privacy Laws
If an individual or business of any size steals or misuses your private data, your legal recourse might depend on the jurisdiction. Texas has become one of the most proactive states in protecting consumer privacy. From mandatory breach notifications to limits on how companies collect and use your data, Texas state law gives you clear protections and options to file a claim and pursue justice after a data breach.
Ohio Data Privacy Laws
Whether you are shopping online, scheduling an appointment, or just browsing a website, your personal details may be gathered and stored, sometimes without your full knowledge. Some data is anonymous, but other information like Social Security numbers, contact details, or purchase histories can be used to identify or harm you after a data breach.
Illinois State Data Privacy Laws
In the United States, federal and state data privacy laws aim to protect consumers’ personal information from data breaches, which can lead to identity theft, fraud, extortion, and other crimes. State laws, like Illinois’ data privacy laws, carry much of this burden, as there is no comprehensive federal data breach response law. At Class Action U, our mission is to simplify the process of taking legal action after a data breach, connecting victims with our legal partners to join ongoing class actions or file individual lawsuits for the damages they’ve suffered after a breach.
California State Data Privacy Laws
Data breaches can be devastating for affected individuals and their families. Breaches are not only a violation of privacy but also an exposure to potential identity theft, extortion, and other harmful practices. Because of this, California has several laws in place to protect consumers and give them legal avenues for recourse in the event of a breach.
Florida State Data Privacy Laws
Florida’s data privacy laws protect consumers’ personal information, such as social security numbers and banking information, from unauthorized access. When data breaches occur, these laws also dictate how businesses or organizations must respond and notify consumers of the breach. Additionally, the law allows victims of data breaches to take legal action and recover damages for financial and emotional harm.
Georgia Data Privacy Laws
Several states have enacted major data privacy laws, including California and Virginia. Georgia may follow with new legislation that imposes restrictions on data collection and gives consumers greater control over their data.
One law under consideration recently in the state is the Georgia Privacy Protection Act. Its provisions include:
- Limitations on the collection and resale of consumer data
- Rights for consumers to decline collection of their personal data
- Penalties for organizations that fail to protect consumer data
The prospective law failed to pass the Georgia General Assembly’s 2025-2026 legislative session. However, it may be reintroduced next year.
New York State Data Privacy Laws
Data privacy laws are crucial to protect the identities, finances, and personal information of consumers across New York. The state takes a proactive stance on data protection to minimize the impact of data breaches on residents and businesses alike. Because there is no comprehensive federal law governing data privacy, many individual states, including New York, have established their own privacy laws to safeguard consumer data.
As of 2025, New York’s two main data privacy laws include the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and the New York Personal Privacy Protection Law (PPPL). However, several other data privacy laws with more comprehensive protections are pending in the state legislature.
Pennsylvania Data Privacy Laws
Pennsylvania law currently requires businesses to have a detailed information security plan and provide prompt notifications for data breaches.
The Pennsylvania General Assembly is currently considering a privacy bill that would impose additional requirements on businesses and grant consumers greater rights over their data once it is collected.
Maryland Data Privacy Laws
Maryland’s data privacy laws require organizations to take steps to protect personal data and promptly notify consumers in the event of a breach. A new state law coming into force in 2025 and 2026 will place additional requirements on businesses and provide consumers with more rights regarding their data.
Texas State Data Privacy Laws
Texas has enacted several strong privacy laws that require businesses to protect consumer data and notify affected individuals if a data breach occurs. If your personal or sensitive information is compromised, these laws may give you the right to take legal action or join a class action lawsuit.
Ohio Data Privacy Laws
Several Ohio regulations protect consumers from the misuse of their sensitive data. These laws place strict requirements on how entities use your data and their responsibilities if a data breach occurs.
Illinois State Data Privacy Laws
In Illinois, three key laws protect residents’ personal information from unauthorized access and give consumers the right to take legal action if their information is not properly protected. State law protects several types of personal data, including traditional identifiers like Social Security numbers and driver’s license information, as well as other personal information like financial data, biometric data, and health information. Illinois’ three main data privacy laws include:
- The Illinois Personal Information Protection Act (PIPA)
- The Illinois Biometric Information Privacy Act (BIPA)
- The Illinois Insurance Data Security Law
California State Data Privacy Laws
California law requires businesses and government agencies to notify all California residents whose unencrypted personal information was acquired by an unauthorized person. The three main laws that protect consumer privacy in California are the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California Data Breach Notification Law.
Florida State Data Privacy Laws
Under Florida law, businesses, government agencies, and third-party organizations must take reasonable steps to protect and secure consumers’ data if it contains personal information. Additionally, the law requires these entities to notify the government of any security breach affecting more than 500 people statewide within 30 days of discovering the breach. Businesses and organizations that experience data breaches must also provide notice within 30 days to affected individuals whose personal information was accessed. Violations of these laws qualify as unfair or deceptive trade practices.