Businesses must make incremental changes to comply with five state privacy laws effective this month, privacy experts said in interviews. Comprehensive laws took effect Jan. 1 in Delaware, Iowa, Nebraska and New Hampshire. A New Jersey law becomes effective Jan. 15, with that state’s attorney general office’s consumer affairs division soon expected to open a rulemaking.
Delaware’s new privacy law gives the state AG office “important tools to enforce consumers’ data privacy and security,” said AG Kathy Jennings (D) on Monday. The comprehensive privacy law took effect Jan. 1 and will be enforced exclusively by Delaware DOJ’s Fraud and Consumer Protection Division.
New Republican leadership for the House and Senate Commerce committees could mean a full reset for federal privacy legislation in 2025. That’s according to interviews with incoming Senate Commerce Committee Chairman Ted Cruz, R-Texas, and incoming House Commerce Committee Chairman Brett Guthrie, R-Ky.
Vermont and Washington state will soon introduce comprehensive privacy bills, while Connecticut will have a bill that would add data minimization rules and make other changes to its 2022 law, legislators told Privacy Daily ahead of sessions starting this month. Also, legislators in Oklahoma and South Carolina prefiled bills last month for the 2025 legislative sessions. Additional privacy bills are expected this year in several other states, said privacy lawyers and consumer advocates in other interviews.