Comprehensive State Privacy Acts


Comprehensive data privacy regulation is more rigorous than ever in the United States. From the amended California Consumer Privacy Act (CCPA) to the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CoPA), the Connecticut Data Privacy Act (CTDPA) and the Utah Consumer Privacy Act (UCPA) to the host of industry- and subject matter-specific regulations in place at the state and federal levels, our dedicated privacy compliance attorneys are seasoned professionals on U.S. privacy laws.

We have guided hundreds of companies through the compliance process, provide strategic advice on every aspect of data privacy, and are leading advocates for businesses facing regulatory investigations and consumer lawsuits. We proactively monitor new developments in this dynamic area of regulation and help our clients stay ahead of pending legislation. Combining our strength in privacy and advertising law, we also help publishers, advertisers and ad tech companies address complex issues regarding the impact of privacy laws on digital advertising, and we work with the leading trade associations in this regard.

What You Need to Know

When the CCPA took effect in January 2020, it ushered in a new era of comprehensive state privacy laws in the United States. Beyond regulation of specific types of information or specific industries, the CCPA’s protections apply to all California residents, regardless of their relationship with a business, the industry in which the business operates, and whether the business collects personal information online or offline. The California Privacy Rights Act (CPRA) further expanded individual privacy rights, created additional requirements for businesses, established a new enforcement agency dedicated to data privacy, and ended exemptions for personal information collected from employees, job applicants and business-to-business contacts.

Meanwhile, California is no longer alone in enacting comprehensive privacy laws. By the start of 2025, more than 19 percent of the U.S. population will have the right to ask businesses what personal information is held about them, to delete or correct that information, and to limit certain uses and sharing, among other rights. Dozens of comprehensive privacy bills pending in state legislatures and a proposed federal privacy law foreshadow further expansion of omnibus privacy regulation. While there are harmonized approaches that can be leveraged for compliance with these laws, it is critical to know the detailed requirements of each law, the nuances of when they apply, and how they interact with existing federal privacy laws like the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach-Bliley Act (GLBA).

At its core, compliance with comprehensive privacy laws requires a thorough understanding of how your business collects and uses personal information; how it shares personal information with business partners, vendors and others; the rights available to individuals; and what actions must be taken on personal information the business holds in order to delete it, correct it, provide a portable copy, or enable an individual to opt out of certain data uses.

How We Can Help


Our privacy compliance attorneys are deeply familiar with the implications of the U.S. state comprehensive privacy laws as well as the pending privacy landscape. We provide clients with strategic and practical compliance advice that includes:

  • Compliance readiness assessments
  • Compliance program development and implementation
  • Data inventory and mapping of data flows
  • Analysis and management of cookies, pixels, software development kits (SDKs), and other tools that may collect and transfer personal data
  • Privacy policies and notices
  • Privacy rights requests
  • Privacy and data security assessments and risk management
  • Contract negotiation and drafting
  • Tracking legislative and regulatory developments
  • Due diligence for mergers, acquisitions and other transactions
  • Identifying, engaging and managing privacy and technology consultants and solutions

We provide privacy guidance for companies across all industries, including:

  • Advertising, marketing and digital media
  • Entertainment
  • Retail
  • Consumer services
  • Food and beverage
  • Hospitality
  • Technology, including software as a service
  • Healthcare and medical devices
  • Manufacturing
  • Financial services/wealth management
  • Human resource services and employee benefit providers
  • Health and wellness
  • Professional services organizations
  • Real estate


When the California attorney general began enforcement of the CCPA on July 1, 2020, our firm was there to defend businesses caught in the first wave of enforcement. We have continued to advocate on behalf of clients facing government inquiries, investigations and enforcement relating to data privacy. Our unique knowledge and experience in this area along with our backgrounds in litigation and white-collar defense allow us to provide strategic and effective representation of companies facing regulatory scrutiny, as well as best-in-class advice to help keep clients out of the regulatory crosshairs




In The Blogs

Previous Next
Data Counsel
8 Key Takeaways for Initial Defenses Under the CCPA and CPRA
By Casie D. Collignon, Jeewon K. Serrato
October 7, 2021
Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking...
Data Counsel
California Amends Landmark Privacy Law Delaying Enforcement and Making Revisions
September 5, 2018
With only hours left to the 2018 legislative session, the California Legislature has amended the California Consumer Privacy Act of 2018 (CCPA) by passing SB-1121. The legislature was expected to amend the CCPA, which passed in just about...
Data Counsel
California Consumer Privacy Act: Navigating Consumer Lawsuits & Limiting Remedies
By Paul G. Karlsgodt
August 29, 2018
California’s new privacy law, the California Consumer Privacy Act of 2018 (CCPA or act), which goes into effect Jan. 1, 2020, grants California residents (referred to as consumers in the act but not limited to consumers) a wide range of...
Data Counsel
Not Too Early to Start to Prepare for New California Privacy Law
August 14, 2018
In late June, the California legislature signed into law Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018 (CCPA), a privacy law, unprecedented in the U.S., that grants California residents a broad range of...
Data Counsel
California Passes Groundbreaking Data Privacy Law Granting Consumers Expansive Privacy Rights
July 3, 2018
California has passed an unprecedented privacy law that protects consumers’ rights by providing them with a greater degree of transparency and choice with respect to their personal information online. On June 28, 2018, Assembly Bill 375...