Louisiana Data Privacy Act Compliance Guide 

On May 29, 2026 the Governor of Louisiana signed LA SB386, enacting the Louisiana Data Privacy Act. This comprehensive state privacy law will go into effect on January 1, 2027. Once it goes into effect, it will provide privacy rights and protections to residents of Louisiana and will impose compliance obligations upon businesses that need to comply with this law. In this Compliance Guide, we will discuss the following aspects of Louisiana’s privacy law: 

• Who needs to comply with Louisiana’s privacy law; 
• The definition of “personal data”; 
• The privacy rights provided to residents of Louisiana; 
• The Privacy Policy requirements of the Louisiana Data Privacy Act; 
• The penalties for non-compliance; and 
• How Termageddon will handle updates for Louisiana’s privacy law. 

Who needs to comply with Louisiana’s privacy law 

Louisiana’s privacy law applies to anyone who does business in Louisiana and meets one or more of the following thresholds: 

1. Has annual gross revenues of more than $25 million; or 
2. Annually buys, receives, sells or shares the personal information of 75,000 or more Louisiana consumers, households, or devices; or 
3. Derives 50% or more of its annual revenues from selling the personal information of residents of Louisiana. 

Notably, the LDPA exempts nonprofits from compliance requirements. 

The definition of “personal data”

Since this privacy law was enacted to protect personal data, it is important to determine how it defines this term. Louisiana’s privacy law defines “personal data” as “any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual.” This means that data commonly collected through business websites such as name, email, phone number, physical address and IP address would be considered personal data and thus be protected under this law. It is important to note that this definition does not include deidentified data nor publicly available information. 

The privacy rights provided to residents of Louisiana 

Louisiana’s privacy law provides residents of the State the following privacy rights: 

1. Confirm whether a business is processing their personal data; 
2. Access their personal data; 
3. Correct inaccuracies in their personal data; 
4. Delete the personal data; 
5. Obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows the individual to transmit the personal data to another controller; 
6. Opt out of targeted advertising; 
7. Opt out of the sale of personal data; 
8. Opt out of profiling in furtherance of a decision that produces a legal or similarly significant effect concerning the individual; 
9. Not to be discriminated against based upon the exercise of privacy rights. 

LDPA provides that businesses must respond to a request to exercise privacy rights within 45 days after the date of receipt, though the response period can be extended by an additional 45 days if needed. If an individual is not satisfied with the initial response to their request, they can also appeal a privacy rights decision. 

Louisiana Data Privacy Act Privacy Policy requirements 

The Louisiana Data Privacy Act requires businesses that need to comply with this law to post a reasonably accessible and clear Privacy Policy that includes the following disclosures: 

1. The categories of personal data processed; 
2. The purpose for processing the personal data; 
3. A process on how individuals can exercise their privacy rights, including how to appeal a decision; 
4. The categories of personal data sold to third parties, if any; 
5. The categories of third parties to whom personal data is sold, if any; 
6. If sensitive personal data is sold, the following notice: “NOTICE: We may sell your sensitive data”; 
7. If biometric personal data is sold, the following notice: “NOTICE: We may sell your biometric personal data”; and 
8. Whether personal is sold or processed for targeted advertising. 

Penalties for non-compliance

Louisiana’s privacy law will be enforced by the State’s Attorney General. The Attorney General can impose a fine of up to $5,000 per violation under the Louisiana Unfair Trade Practices and Consumer Protection Law. Privacy laws usually calculate “per violation” as per person whose privacy rights were infringed upon so fines can add up very quickly. 

How will Termageddon handle updates for Alabama’s privacy law 

We have been tracking Louisiana’s privacy law since its inception and through its various changes. We will continue to track this privacy law for any rules, regulations, and/or amendments. We will email all affected customers prior to the effective date of January 1, 2027 to make updates to Privacy Policies.