- California Online Privacy and Protection Act of 2003 (CalOPPA), which applies to any commercial website that collects the PII of residents of California;
- California Consumer Privacy Act (CCPA), which applies to for-profit entities that do business in California, collect the PII California residents, and meet one or more of the following criteria:
- Has annual gross revenues of $25,000,000 or more;
- Buys, receives, sells, or shares the PII of at least 50,000 California consumers, households, or devices; or
- Derives at least 50% of its annual revenue from selling the PII of California consumers.
- Nevada Revised Statutes Chapter 603A, which applies to operators of commercial websites that collect the PII of Nevada residents and enters into transactions with residents of Nevada or otherwise has sufficient connections with the state;
- Delaware Online Privacy and Protection Act (DOPPA), which applies to any commercial website that collects the PII of residents of Delaware;
- General Data Protection Regulation (GDPR), which applies to you if you:
- Are located in the European Union;
- Offer goods or services to European Union residents, regardless of your location; or
- Monitor the behavior of European Union residents, regardless of your location. This clause will make GDPR applicable to you if you have an analytics tool such as Google Analytics installed on your law firm’s website because analytics tools track the behavior of everyone who visits your website.
- Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to organizations across Canada that collect, use, or disclose PII in the course of commercial activity. This law can also apply to you even if you are not located in Canada, as long as you are collecting the PII of Canadians.