Small triangle design

State Privacy Rights Legislation: What to Expect in 2025

April 22, 2025

The issue of personal digital privacy is an increasing concern to consumers. As federal legislators struggle with federal legislation to regulate how businesses must handle consumer privacy, states across the U.S. are stepping up to protect consumer privacy. These laws aim to give individuals greater control over their personal data while imposing stricter compliance requirements on businesses. There are currently 20 states that have comprehensive consumer privacy rights laws in effect and more states are drafting legislation and enacting their own laws.  In 2025, several states will implement new privacy laws, marking a significant shift in the regulatory environment.

Kind of the same yet different

While each state’s law has unique provisions, many share core requirements aimed at enhancing consumer privacy. What do most laws have in common?

  • Data Access and Transparency: Businesses must provide consumers with access to their personal data and disclose what information is collected and how it is used.
  • Rights to Correct and Delete Data: Consumers have the right to request corrections to inaccurate information and deletion of data that is no longer needed.
  • Consent for Data Collection: Explicit consumer consent is often required, especially for sensitive personal information such as health, biometric, or financial data.
  • Opt-Out Mechanisms: Most laws mandate mechanisms for consumers to opt out of data sharing or the sale of personal information.
  • Data Protection and Security Measures: Companies must implement measures to safeguard personal data against breaches, including encryption and secure access controls.
  • Privacy Notices: Businesses must provide clear privacy notices outlining data collection practices, rights, and processes for exercising those rights.

The following states are implementing new privacy rights laws in 2025:

Delaware: The Delaware Personal Data Privacy Act (DPDPA) will take effect on January 1, 2025. It applies to businesses processing personal data of 35,000 or more consumers or deriving significant revenue from data sales.

Iowa: The Iowa Consumer Data Protection Act (ICDPA) also becomes effective on January 1, 2025. It targets entities processing data of 100,000 or more consumers or earning over 50% of revenue from data sales.

Maryland: The Maryland Online Data Privacy Act (MODPA) will take effect on October 1, 2025. However, the law will not apply to any personal data processing activities before April 1, 2026.

Minnesota: The Minnesota Consumer Data Privacy Act (MCDPA) is still scheduled to take effect on July 31, 2025. The law grants consumers privacy rights and imposes requirements on businesses and organizations handling personal data.

Nebraska: The Nebraska Data Privacy Act (NDPA) will be enforced starting January 1, 2025, focusing on businesses handling personal data and meeting specific thresholds.

New Hampshire: The New Hampshire Data Privacy Act (NHDPA) will come into effect on January 1, 2025, introducing obligations for businesses targeting state residents.

New Jersey: New Jersey’s privacy law will follow shortly after, becoming effective on January 15, 2025. It emphasizes consumer rights and data protection.

Tennessee: The Tennessee Information Protection Act (TIPA), will take effect on July 1, 2025.

The trend will continue! Kentucky, Indiana and Rhode Island have approved legislation that goes into effect in 2026.

Key Compliance Considerations

If your dealership is not yet thinking about consumer privacy rights here are a few things you should be considering:

  • Implementing mechanisms for consumer data access, correction, and deletion. Implement a service that automates most of the privacy rights compliance requirements for the various state laws.
  • Adopting transparent data processing practices.
  • Ensuring readiness to respond to universal opt-out mechanisms, as required by some laws.
  • Train employees on consumer privacy rights and the dealerships responsibility to comply with consumer requests.

These developments reflect a growing trend toward robust privacy protections at the state level. Organizations should stay informed and proactive to navigate this evolving regulatory landscape effectively. Accelerate2Compliance can help with solutions and tools that best fit your dealership. Contact us at (844) 637-5511 or email [email protected].

Speaker Profile Picture of Matthew Vatter

Matt Vatter

Chief Compliance Officer, Accelerate2Compliance

Small triangle design

Why A2C?

Compliance is an incredibly complicated topic, but our solution is the opposite of complicated: it’s just simple. We take the complexities of information security compliance and simplify them, so you can know what you need to do, do it efficiently, then get back to doing what you do best. You’ll get everything you need from us, and that’s all – you will not be paying for extras you DON’T need. We know what we’re doing. As you begin your information security compliance journey with A2C, you can rest assured you’ll be headed down the road to compliance.

Is A2C Right for You?

Find Out With This Quick Q&A

Take the Quiz

Let's Talk

Still need help? Let’s talk! You’ll learn how easy our product is to use and scale, and how we can save you time, money, and stress.

Address:
605 North Highway 169, Suite 250
Plymouth, MN 55441


+1-844-637-5511


Sales:
[email protected]
Support:
[email protected]

To top