New omnibus privacy laws are coming to Virginia, Colorado, and Utah in 2023 (Connecticut will likely be added to that list in coming days).  Updates to California’s existing privacy law are coming in 2023 too.  Don’t wait to implement your compliance updates as it could require changes to your operations.  These state privacy laws can apply to businesses that do not have offices or employees in that state and reach activities conducted outside of the particular state.  See our prior alert to see if these state laws apply to your business.

In this alert, we compare the individual rights granted under each of the state privacy laws.  As you will see in the table, the states have different rights for their consumers, which businesses will need to navigate as they plan to roll-out multi-state and national consumer rights processes.  All states require businesses to respond in 45 days (but can extend an additional 45 days under certain circumstances).  

^{*The information contained in this table is a condensed summary and is not exhaustive of all legal requirements, potential exceptions or variables under the referenced laws.  This overview does not substitute for considering the legal requirements in their entirety or in light of facts specific to a particular organization.}