Published:

Updated:

What privacy laws are covered by Termageddon?

Privacy Policy

Photo of author

Donata Stroink-Skillrud

Co-founder and President of Termageddon

Termageddon Privacy Laws Covered

Most businesses that have a website have a Privacy Policy to comply with applicable laws and thus avoid fines and even lawsuits. In fact, any website that collects Personally Identifiable Information (PII) such as names, emails, phone numbers or IP addresses will most likely need to comply with at least one privacy law. If you do not think that your website collects PII, you should be aware of the fact that your website does collect PII if it has any of the following features: 

  • Contact forms; 
  • Email newsletter sign up forms; 
  • eCommerce; 
  • Analytics programs (e.g. Google Analytics); 
  • Account creation forms; 
  • Advertising features (e.g. Facebook Pixel). 

Privacy laws are enacted to protect the PII of residents of certain states or countries and thus have a broad reach, applying to businesses outside of those states or countries. In addition to offering privacy rights to individuals, each privacy law also requires businesses to have a Privacy Policy that contains the specific disclosures required by that law

Current United States Privacy Laws

Termageddon can help you comply with the following United States privacy laws

California Online Privacy and Protection Act of 2003 (CalOPPA)

Effective date: July 1, 2014

The California Online Privacy Protection Act (CalOPPA) is a privacy law that went into effect on July 1st, 2014 and protects the Personally Identifiable Information (PII) of residents of California. CalOPPA was the first state law in the United States that requires business websites to have a Privacy Policy. This law requires websites to have a number of specific disclosures in their Privacy Policy and to display it in a very specific way.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesYes
Enforced byCalifornia Attorney General
Right to correct dataNo
Right to restrict processingNo
Right to portabilityNo
Right to access dataNo
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outNo
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read CalOPPA or Read our CalOPPA Compliance Guide

California Privacy Rights Act (CPRA)

Effective date: January 1, 2023

The CPRA: California Privacy Rights Act (previously the CCPA) is landmark privacy legislation in the United States. The law provides a variety of consumer rights to Californians, allowing individuals to expand their control over their personally identifiable information (“PII”). At a minimum, the CPRA is a step towards the European Union’s General Data Protection Regulation (“GDPR”), perhaps the most comprehensive privacy law to date. 

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerYes
Applies to small businessesNo
Enforced byCalifornia Attorney General and California Privacy Protection Agency
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read the CPRA or Read our CPRA Compliance Guide

Nevada Revised Statutes Chapter 603A

Effective date: January 1, 2017

When it comes to determining what laws require websites to have a Privacy Policy, most people are surprised to learn that Nevada has a privacy law that governs the collection of Personally Identifiable Information by websites. Nevada Revised Statutes Chapter 603A, like many other privacy laws, has a broad reach and can apply to businesses outside of Nevada, it has unique requirements for what a Privacy Policy must contain and imposes heavy penalties for not meeting those requirements.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesYes
Enforced byNevada Attorney General
Right to correct dataNo
Right to restrict processingNo
Right to portabilityNo
Right to access dataNo
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read Nevada Revised Statutes Chapter 603A or Read our 603A Compliance Guide

Delaware Online Privacy and Protection Act (DOPPA)

Effective date: January 1, 2016

The “Delaware Online Privacy and Protection Act” is a comprehensive law focusing on online and personal privacy. It defines key terms like advertising services and book services, and outlines restrictions on online marketing to children, specifying prohibited products. The Act requires online operators to clearly post their privacy policies, detailing the collection, use, and sharing of personal information. It also regulates the disclosure of user information in book services, stipulating conditions for sharing with government entities. Enforcement of these regulations falls under the Consumer Protection Unit of the Department of Justice.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesYes
Enforced byDelaware Attorney General
Right to correct dataNo
Right to restrict processingNo
Right to portabilityNo
Right to access dataNo
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outNo
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read DOPPA

Virginia Consumer Data Protection Act (VCDPA)

Effective date: January 1, 2023

On March 3, 2021, VA S 1392, the Virginia Consumer Data Protection Act (VCDPA) was signed into law. In our compliance guide, we discuss all that you need to know about the Virginia Consumer Data Protection Act, including who it applies to, how it defines “personal data,” the rights that it provides to consumers, and its enforcement mechanisms so that you can be ahead of the curve on preparing for this law.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byVirginia Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the VCDPA or Read Our VCDPA Compliance Guide 

Colorado Privacy Act

Effective date: July 1, 2023

The Colorado Privacy Act (SB190) is a privacy law that was signed into law on July 8, 2021 to protect the privacy of residents of Colorado. The law achieves this goal by providing privacy rights to residents of Colorado, requiring certain websites to have a Privacy Policy and imposes heavy fines for failure to comply.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byColorado Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the Colorado Privacy Act or Read our Colorado Privacy Act Compliance Guide

Utah Consumer Privacy Act

Effective date: December 31, 2023

On March 25, 2022 Utah became the sixth state to enact a comprehensive privacy law, the Utah Consumer Privacy Act. This law provides new consumer privacy rights to residents of Utah and imposes various privacy obligations upon certain businesses, such as the requirement to have a comprehensive Privacy Policy.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byUtah Attorney General
Right to correct dataNo
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read the Utah Consumer Privacy Act or Read our Utah Consumer Privacy Act Compliance Guide

Connecticut SB6

Effective date: July 1, 2023

On May 11, 2022, Connecticut joined the ranks of California, Utah, Colorado, Virginia, Nevada, and Delaware by passing its own privacy law, Connecticut SB6. This new law went into effect on July 1, 2023 and provides residents of Connecticut with new privacy rights, as well as requires certain websites to have a Privacy Policy that makes the disclosures required by this law.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byConnecticut Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read Connecticut SB6 or Read our Connecticut SB6 Compliance guide

Upcoming Privacy Laws in the United States

Since new privacy laws are passed all of the time, you cannot just have a Privacy Policy that complies with today’s privacy laws, you must also have a strategy for keeping it up to date with new laws. Termageddon will update client policies for the following privacy laws prior to their effective date: 

Iowa SF262

Effective date: January 1, 2025

On March 28, 2023, the Governor of Iowa signed Iowa SF262, having the state join other states such as California, Colorado, Utah, Virginia, and Connecticut with a comprehensive state privacy law. This new law will go into effect on January 1, 2025 and will provide residents of Iowa with new privacy rights, and require businesses to have a Privacy Policy that makes the disclosures required by this law.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byIowa Attorney General
Right to correct dataNo
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read Iowa SF262 or Read our Iowa SF262 Compliance Guide

Indiana SB5

Effective date: July 1, 2026

On May 1, 2023, the Governor of Indiana signed Indiana SB5, which is a comprehensive state privacy law that requires certain businesses to have a Privacy Policy that has specific disclosures, provides privacy rights to residents of Indiana and requires businesses to meet specific requirements to protect privacy. This new law will go into effect on July 1, 2026 and businesses that need to comply with this law should start their preparations now to ensure that they are compliant by the effective date. 

Read Indiana SB5 or Read our Indiana SB5 Compliance Guide 

Tennessee Information Protection Act (TIPA)

Effective date: July 1, 2025

On May 15, 2023, the Tennessee HB1181 was enrolled into law, enacting the Tennessee Information Protection Act (TIPA). TIPA was passed to protect the privacy of residents of Tennessee by providing them with privacy rights and imposing certain requirements, such as having a Privacy Policy upon businesses. This new law will go into effect on July 1, 2025 so businesses who need to comply should start their compliance efforts now. 

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byTennessee Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read the TIPA or Read our TIPA Compliance Guide 

Montana Consumer Data Privacy Act (MCDPA)

Effective date: October 1, 2024

On May 23, 2023 the Montana Consumer Data Privacy Act (MCDPA) was enacted, providing the residents of Montana with privacy rights and protections. This law will go into effect on October 1, 2024, imposing requirements such as having a Privacy Policy on businesses that need to comply with this law.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byMontana Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the MCDPA or Read our MCDPA Compliance Guide

Texas Data Privacy and Security Act (TDPSA)

Effective date: July 1, 2024

On June 18, 2023, the Governor of Texas signed the Texas Data Privacy and Security Act (TDPSA) into law, providing residents of Texas with privacy rights and imposing privacy requirements on businesses. This law will go into effect on July 1, 2024 so businesses that need to comply with this law should begin their compliance efforts now to avoid heavy fines. 

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byTexas Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the TDPSA or Read our TDPSA Compliance Guide 

Oregon Consumer Privacy Act (OCPA)

Effective date: July 1, 2024

On July 18, 2023, the Governor of Oregon signed Oregon SB619 into law, which is a comprehensive state privacy law that provides privacy rights to residents of Oregon and imposes requirements for the collection, use and sharing of personal information on businesses. This law will go into effect on July 1, 2024 and adds Oregon to the state privacy law patchwork of the United States. 

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byOregon Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the OCPA or Read our OCPA Compliance Guide

Delaware Personal Data Privacy Act (DPDPA)

Effective date: January 1, 2025

On September 11, 2023, the Governor of Delaware signed DE H 154, passing the Delaware Personal Data Privacy Act (DPDPA), providing residents of Delaware with privacy rights and requiring businesses that need to comply with the law to meet certain obligations. This privacy law will go into effect on January 1, 2025 so businesses should start work to adapt their privacy programs to this new law as soon as possible.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byDelaware Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the DPDPA or Read our DPDPA Compliance Guide

NJ SB 332

Effective date: January 16, 2025

On January 16, 2024, the Governor of New Jersey signed NJ SB 332, making New Jersey the 14th state to pass a privacy law that provides individuals with comprehensive privacy protections. This law will take effect in 365 days from enactment (on January 16, 2025) and will provide privacy rights to residents of New Jersey, as well as require certain businesses to have a comprehensive Privacy Policy and to follow the requirements.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byNew Jersey SB332
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes

Read the NJ SB 332 or Read our NJ SB 332 Compliance Guide

New Hampshire SB 255

Effective date: January 1, 2025

On March 7, 2024 the Governor of New Hampshire signed NH SB 255, and will protect the privacy of residents of New Hampshire by providing them with new rights and by including a requirement for certain businesses to provide a comprehensive Privacy Policy to consumers.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byNew Hampshire Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes


Read the NH SB 255 or Read our NH SB 255 Compliance Guide

Kentucky HB15

Effective date: January 1, 2026

The Governor of Kentucky signed Kentucky HB15, and will protect the privacy of residents of Kentucky by providing them with new rights and by including a requirement for certain businesses to provide a comprehensive Privacy Policy to consumers.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byNew Hampshire Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes
Read the KY HB15 or Read our KY HB15 Compliance Guide

Nebraska Data Privacy Act (LB 1074)

Effective date: January 1, 2025

the Governor of Nebraska signed NE LB1074, enacting the Nebraska Data Privacy Act. This comprehensive privacy law will go into effect on January 1, 2025 and will provide privacy rights to residents of the State as well as impose compliance requirements on businesses that need to comply with this privacy law, such as the requirement to have a comprehensive Privacy Policy.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byNebraska Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationYes
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes
Read the NE LB1074 or Read our NE LB1074 Compliance Guide

Maryland Online Data Privacy Act of 2024

Effective date: October 1, 2025

The Governor of Maryland signed MD SB541, enacting the Maryland Online Data Privacy Act of 2024. This law will go into effect on October 1, 2025 and will provide privacy rights to residents of the State and will impose various compliance obligations on businesses such as the requirement to have a comprehensive Privacy Policy that includes all of the disclosures enumerated in this privacy law.

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesNo
Enforced byMaryland Attorney General
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingYes
Read the MD HB567 or Read our MD HB567 Compliance Guide

European Union/European Economic Area Privacy Laws 

General Data Protection Regulation (GDPR)

Effective date: May 25, 2018

The General Data Protection Regulation (GDPR) is a privacy law that went into effect on May 25, 2018, with the goal of protecting the personal information of residents of the European Union. As arguably the most comprehensive and most frequently enforced privacy law in the world, GDPR provides extensive privacy rights to consumers, requires certain websites to have a Privacy Policy that makes specific disclosures and has a broad application, applying to websites all over the world.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerYes
Applies to small businessesYes
Enforced byData Protection Authorities
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationNo
Right to withdraw consentYes
Right to opt-outYes
Opt-in consent requiredYes
Restrictions on profiling and/or automated decision-makingYes

Read the GDPR or Read our GDPR Compliance Guide 

United Kingdom

United Kingdom Data Protection Act (UK DPA)

Effective date: May 25, 2018 

The United Kingdom Data Protection Act (UK DPA) is a key piece of legislation that governs the protection of personal data within the UK. It sets out the framework for data protection law, ensuring that personal information is used fairly, lawfully, and transparently. The Act establishes the rights of individuals regarding their personal data, including access, correction, and the right to be forgotten. It also outlines the obligations of businesses and organizations in handling personal data, such as obtaining valid consent for its use and implementing adequate security measures.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerYes
Applies to small businessesYes
Enforced byData Protection Authorities
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataYes
Prohibits discriminationNo
Right to withdraw consentYes
Right to opt-outYes
Opt-in consent requiredYes
Restrictions on profiling and/or automated decision-makingYes

Read the UK DPA 

Canada 

Personal Information Protection and Electronic Documents Act (PIPEDA)

Effective date: January 1, 2001

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a privacy law that was enacted to protect the privacy rights of Canadians. PIPEDA achieves this goal by providing Canadians with rights with regard to their personal information, requiring certain websites to have a Privacy Policy and imposing heavy fines for failure to comply.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerYes
Applies to small businessesYes
Enforced byInformation Commissioner of Canada
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentYes
Right to opt-outYes
Opt-in consent requiredYes
Restrictions on profiling and/or automated decision-makingNo

Read the PIPEDA or Read our PIPEDA Compliance Guide 

Quebec Law 25

Effective date: September 1, 2023

After much debate regarding whether Canada’s federal privacy bill, the Personal Information Protection and Electronic Documents Act (PIPEDA), offers sufficient privacy protections for consumers, Quebec passed a new privacy law, Quebec Law 25 (previously Quebec Bill 64). While Quebec already had a privacy law, the Act Respecting the Protection of Personal Information in the Private Sector, Canada’s legislature considered that law to be substantially similar to PIPEDA.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerYes
Applies to small businessesYes
Enforced byInformation Commissioner of Quebec
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredYes
Restrictions on profiling and/or automated decision-makingYes

Read the Quebec Law 25 or Read our Quebec Law 25Compliance Guide 

Australia 

Australia Privacy Act of 1988

Effective date: January 1, 1989

The Australia Privacy Act 1988 is a privacy law that was enacted to protect the personal information and privacy rights of Australians online. This law requires certain websites to have a Privacy Policy that makes specific disclosures and provides Australians with privacy rights that website operators must respect.

Details:

Requires a Privacy Policy?Yes
Requires cookie consent bannerNo
Applies to small businessesYes
Enforced byAustralian Information Commissioner
Right to correct dataYes
Right to restrict processingYes
Right to portabilityYes
Right to access dataYes
Right to delete dataNo
Prohibits discriminationNo
Right to withdraw consentNo
Right to opt-outYes
Opt-in consent requiredNo
Restrictions on profiling and/or automated decision-makingNo

Read the Australia Privacy Act of 1988 or Read our Australia Privacy Act of 1988 Compliance Guide

Ensure your compliance with privacy laws

Tracking of privacy bills and updating policies It is important to note that a key feature of the Termageddon service is the tracking of proposed privacy bills. Every year, we track dozens of privacy bills across the areas we cover, notify customers once a privacy bill has been passed into law and update policies accordingly.

If you do not currently have a comprehensive Privacy Policy or do not have a strategy to keep it up to date with changing legislation, make sure to check out the Termageddon Privacy Policy generator.

If you are unsure as to what privacy laws apply to you, don’t worry – Termageddon’s Privacy Policy generator includes a Privacy Law Identifier which will ask you a series of simple questions to help determine which laws apply to you. If you already know which laws apply to you and/or just want to make sure that you are covered when using Termageddon, below is the list of privacy laws that Termageddon covers: 

Photo of author
About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy

Culture

Disclaimer

EULA

How To's

Privacy Policy

Terms of Service

Subscribe for Updates
  • This field is for validation purposes and should be left unchanged.