State Data Privacy Laws
Stay informed about your privacy rights with our comprehensive guide to state data privacy laws. This page provides a complete overview of the current data protection regulations across U.S. states, helping you understand how your personal information is safeguarded.
Whenever you engage in an online activity, organizations collect information about you. Consumers expect businesses to care for their data and safeguard it from bad actors. Data privacy laws exist to set standards on what an organization can and can’t do with the information it collects. They also provide a means for consumers to hold businesses accountable for failing to safely secure their data after a data breach.
In New York and nationwide, data privacy laws aim to protect consumers and their personal information from being accessed by unauthorized third parties. Data breaches can cause significant damage to victims’ lives, and identity theft is a real threat. Privacy laws in New York aim to prevent data breaches and give residents the information and access they need to protect themselves after a breach occurs.
In today’s world, major data breaches are a frequent occurrence, and Pennsylvania residents aren’t immune. These breaches can target your Social Security number, bank accounts, and even your genetic information.
Maryland’s data privacy laws are designed to protect residents from the misuse and unauthorized exposure of their personal information. With new legislation like the Maryland Online Data Privacy Act of 2024, businesses operating in the state must follow strict requirements for collecting, storing, and sharing consumer data. If you’re one of the many state residents who’ve gotten a notice regarding a data breach recently, you may be rightly worried about your data and concerned about your next step.
If an individual or business of any size steals or misuses your private data, your legal recourse might depend on the jurisdiction. Texas has become one of the most proactive states in protecting consumer privacy. From mandatory breach notifications to limits on how companies collect and use your data, Texas state law gives you clear protections and options to file a claim and pursue justice after a data breach.
Whether you are shopping online, scheduling an appointment, or just browsing a website, your personal details may be gathered and stored, sometimes without your full knowledge. Some data is anonymous, but other information like Social Security numbers, contact details, or purchase histories can be used to identify or harm you after a data breach.
In the United States, federal and state data privacy laws aim to protect consumers’ personal information from data breaches, which can lead to identity theft, fraud, extortion, and other crimes. State laws, like Illinois’ data privacy laws, carry much of this burden, as there is no comprehensive federal data breach response law. At Class Action U, our mission is to simplify the process of taking legal action after a data breach, connecting victims with our legal partners to join ongoing class actions or file individual lawsuits for the damages they’ve suffered after a breach.
Data breaches can be devastating for affected individuals and their families. Breaches are not only a violation of privacy but also an exposure to potential identity theft, extortion, and other harmful practices. Because of this, California has several laws in place to protect consumers and give them legal avenues for recourse in the event of a breach.
Florida’s data privacy laws protect consumers’ personal information, such as social security numbers and banking information, from unauthorized access. When data breaches occur, these laws also dictate how businesses or organizations must respond and notify consumers of the breach. Additionally, the law allows victims of data breaches to take legal action and recover damages for financial and emotional harm.
Indiana’s Consumer Data Protection Act, effective January 2026, grants consumers rights to access, correct, delete, and opt out of the sale of personal data. It also mandates breach notifications, offering protection against fraud and identity theft.
Missouri lacks a comprehensive data privacy law but has breach notification requirements under the Identity Theft Protection Act. Consumers may pursue compensation through class actions if their data is compromised.
Michigan has no comprehensive data privacy law but mandates breach notifications under federal and state laws. Victims can pursue legal action or class actions for compensation after data breaches.
Wisconsin requires data breach notifications within 45 days under state law. While lacking a broad privacy law, consumers can still seek compensation through class actions for breaches involving personal data.
Georgia Data Privacy Laws
Several states have enacted major data privacy laws, including California and Virginia. Georgia may follow with new legislation that imposes restrictions on data collection and gives consumers greater control over their data.
One law under consideration recently in the state is the Georgia Privacy Protection Act. Its provisions include:
- Limitations on the collection and resale of consumer data
- Rights for consumers to decline collection of their personal data
- Penalties for organizations that fail to protect consumer data
The prospective law failed to pass the Georgia General Assembly’s 2025-2026 legislative session. However, it may be reintroduced next year.
New York State Data Privacy Laws
Data privacy laws are crucial to protect the identities, finances, and personal information of consumers across New York. The state takes a proactive stance on data protection to minimize the impact of data breaches on residents and businesses alike. Because there is no comprehensive federal law governing data privacy, many individual states, including New York, have established their own privacy laws to safeguard consumer data.
As of 2025, New York’s two main data privacy laws include the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and the New York Personal Privacy Protection Law (PPPL). However, several other data privacy laws with more comprehensive protections are pending in the state legislature.
Pennsylvania Data Privacy Laws
Pennsylvania law currently requires businesses to have a detailed information security plan and provide prompt notifications for data breaches.
The Pennsylvania General Assembly is currently considering a privacy bill that would impose additional requirements on businesses and grant consumers greater rights over their data once it is collected.
Maryland Data Privacy Laws
Maryland’s data privacy laws require organizations to take steps to protect personal data and promptly notify consumers in the event of a breach. A new state law coming into force in 2025 and 2026 will place additional requirements on businesses and provide consumers with more rights regarding their data.
Texas State Data Privacy Laws
Texas has enacted several strong privacy laws that require businesses to protect consumer data and notify affected individuals if a data breach occurs. If your personal or sensitive information is compromised, these laws may give you the right to take legal action or join a class action lawsuit.
Ohio Data Privacy Laws
Several Ohio regulations protect consumers from the misuse of their sensitive data. These laws place strict requirements on how entities use your data and their responsibilities if a data breach occurs.
Illinois State Data Privacy Laws
In Illinois, three key laws protect residents’ personal information from unauthorized access and give consumers the right to take legal action if their information is not properly protected. State law protects several types of personal data, including traditional identifiers like Social Security numbers and driver’s license information, as well as other personal information like financial data, biometric data, and health information. Illinois’ three main data privacy laws include:
- The Illinois Personal Information Protection Act (PIPA)
- The Illinois Biometric Information Privacy Act (BIPA)
- The Illinois Insurance Data Security Law
California State Data Privacy Laws
California law requires businesses and government agencies to notify all California residents whose unencrypted personal information was acquired by an unauthorized person. The three main laws that protect consumer privacy in California are the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California Data Breach Notification Law.
Florida State Data Privacy Laws
Under Florida law, businesses, government agencies, and third-party organizations must take reasonable steps to protect and secure consumers’ data if it contains personal information. Additionally, the law requires these entities to notify the government of any security breach affecting more than 500 people statewide within 30 days of discovering the breach. Businesses and organizations that experience data breaches must also provide notice within 30 days to affected individuals whose personal information was accessed. Violations of these laws qualify as unfair or deceptive trade practices.
Indiana Data Privacy Laws
The Indiana Consumer Data Protection Act (INCDPA), effective January 1, 2026, grants Indiana residents control over their personal data. It includes rights to access, correct, delete, and opt out of the sale of their data. Businesses must provide clear privacy notices and protect data from breaches. The law applies to businesses handling personal data of 100,000+ consumers or 25,000+ consumers if over 50% of their revenue comes from data sales. Sensitive data such as health, biometric, and geolocation info is given stronger protection. In case of a breach, businesses must notify affected individuals promptly. Indiana residents can take steps like credit monitoring or pursuing legal action if their data is compromised.
Missouri Data Privacy Laws
Missouri lacks a comprehensive consumer data privacy law but has several laws that offer privacy protections, especially in the event of a data breach. Key laws include the Missouri Data Breach Notification Law, which requires businesses to notify affected consumers of breaches involving personal information like Social Security numbers or medical data. The Missouri Social Security Number Protection Law restricts the public use and display of Social Security numbers, while the Missouri Student Data Privacy Law mandates breach notifications to parents if student data is compromised. The Insurance Data Security Act, effective January 2026, sets standards for insurance companies’ cybersecurity. While Missouri’s laws offer some protections, they are less comprehensive than those in states like California and Illinois. After a breach, Missouri consumers can take steps like credit monitoring and pursue compensation through lawsuits or class actions.
Michigan Data Privacy Laws
Michigan currently lacks a comprehensive data privacy law but requires businesses to follow federal regulations and state-specific laws like the Identity Theft Protection Act (ITPA), which mandates breach notifications. Michigan businesses must notify residents if their unencrypted personal data is compromised, unless the breach is deemed unlikely to cause harm. Proposed bills, such as Senate Bill 359, could introduce more consumer protections, including consent requirements for data collection and privacy notices. Victims of data breaches may pursue compensation through class action lawsuits or other legal avenues. In the event of a breach, Michigan consumers should verify the compromised data, use credit monitoring services, and explore legal options for compensation.
Wisconsin Data Privacy Laws
Wisconsin lacks a comprehensive data protection law but offers basic privacy protections through various state statutes and federal regulations. Businesses must notify consumers within 45 days of a data breach involving unencrypted personal information, such as Social Security numbers, financial details, and biometric data. Exceptions apply to sole proprietorships, federally regulated entities, and healthcare providers. While Wisconsin does not have a broad consumer privacy law, the Wisconsin Data Privacy Act, proposed in 2023, aimed to address consumer data rights but was not passed. Victims of data breaches can seek compensation through class action lawsuits or other legal avenues. Wisconsin consumers should take steps like credit monitoring, freezing their credit, and reviewing breach notices to protect themselves.
- Georgia State Data Privacy Laws
- New York State Data Privacy Laws
- Pennsylvania Data Privacy Laws
- Maryland Data Privacy Laws
- Texas State Data Privacy Laws
- Ohio Data Privacy Laws
- Illinois State Data Privacy Laws
- California State Data Privacy Laws
- Florida State Data Privacy Laws
- Indiana Data Privacy Laws
- Missouri Data Privacy Laws
- Michigan Data Privacy Laws
- Wisconsin Data Privacy Laws