2 More U.S. States Enact Data Privacy Legislation

2 More U.S. States Enact Data Privacy Legislation

2024 is shaping up to be another active year in the privacy sector. In Q1, we saw two states enact comprehensive consumer privacy legislation. On January 16th, New Jersey Governor Phil Murphy signed into law the New Jersey Data Privacy Act (NJDPA). Then, on March 6th, New Hampshire became the 14th state to enact comprehensive data privacy legislation when Governor Chris Sununu signed into law the New Hampshire Privacy Act (NHPA).

Both laws will go into effect in January of 2025 – specifically, January 1, 2025 for the NHPA, and January 15, 2025 for the NJDPA. Each state’s attorney general will have exclusive authority to enforce the new data privacy laws in their respective states, and neither law provides a private right of action. Interestingly, both laws will provide time-limited rights to cure (upon notice of breach by the AG) that will sunset over time. For an overview of the key provisions of both laws, please see our state privacy law chart.

Additionally, 18 more states are currently considering comprehensive data privacy legislation to protect the personal data of their respective consumer constituents; they are Georgia, Hawaii, Illinois, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nebraska, New York, North Carolina, Ohio, Pennsylvania, Rhode Island, Vermont and Wisconsin.

As this collective body of state legislation expands, and companies grapple with implementing the right compliance programs, it may make sense to consider gearing a data privacy compliance program to the most stringent requirements across the board, rather than trying to implement varying requirements, processes and procedures for each state.

If you have questions or need help complying with state data privacy laws, please contact Virginia Fournier at [email protected].

A member of our California team, Virginia Fournier is a seasoned technology and privacy attorney with over 25 years of legal and business experience in the industry. She regularly handles a wide range of technology-related matters, including negotiating and drafting complex licensing agreements, compliance, data security and privacy, and intellectual property issues. Virginia is also a Certified Information Privacy Professional (CIPP/US).

This publication should not be construed as legal advice or a legal opinion on any specific facts or circumstances not an offer to represent you. It is not intended to create, and receipt does not constitute, an attorney-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal questions you may have. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.

Subscribe to Our Blog