Explore Legal.io

For Clients
Legal.io company logo
Hire Talent
Find the best fit for any legal role
For Members
Jobs
The best legal jobs, updated daily
Salaries
Benchmark compensation for any legal role
Learn
Learn and grow with our community
Events
Connect with peers at exclusive events
Apps
Tools to streamline legal work
Advertise on Legal.io
Post a job for free
Reach more qualified applicants quickly
Advertise with Us
Reach a targeted audience

For Clients

Hire Talent
Legal.io company logo
Solutions
Find the best fit for any legal role
New Hire
Get highly qualified candidates in days
Popular Roles
Data & Tools
Budget Calculator
Plan and manage your legal budget
Salary Insights
Compensation data for legal roles
Vendor Directory
The ultimate list of legal tech tools

States Adopt New Privacy Laws in 2024

A total of 15 states have taken action to protect consumers’ personal data and regulate businesses’ use of this data. The latest states are Texas, Oregon, and Montana.

States Adopt New Privacy Laws in 2024

In an era where data is the new oil, privacy laws are becoming increasingly important. As of Q1 of 2024, Texas, Oregon, and Montana have joined the growing list of states with active consumer privacy laws. These new laws grant protections for consumers and impose requirements on companies collecting consumer personal data.

Texas Data Privacy and Security Act (TDPSA)

The TDPSA, to be enforced starting July 1, 2024, applies to anyone who conducts business in Texas or produces products or services consumed by Texans and engages in the processing or sale of personal data. 

The TDPSA is unique because it applies to companies outside the state even if they do not target Texas consumers. There is no minimum number of Texas residents whose data is processed before a business is subject to the requirements of the law. However, small businesses are exempt unless they sell sensitive data. 

The TDPSA grants residents a number of familiar rights. These rights include the right to confirm whether a controller is processing personal data and access the personal data, correct inaccuracies in their personal data, delete personal data provided by or obtained about the consumer. Texans can also obtain a copy of their personal data, if available, in a portable and readily usable format, and opt out of processing personal data for targeted advertising, the sale of personal data, or its use for profiling.

Oregon Consumer Privacy Act (OCPA)

The OCPA, which will take effect from July 1, 2024, applies to any company that conducts business in Oregon or produces products or services targeted to Oregon residents and, during a calendar year, controls or processes the personal data of at least 100,000 Oregon residents or controls or processes the personal data of at least 25,000 Oregon residents while deriving more than 25% of its gross revenue from the sale of personal data. 

It does not apply to information subject to HIPAA or the GLBA or to personal data processed solely for the purpose of completing a payment transaction. The OCPA grants Oregon residents similar consumer rights as other states, including the right to access, correct, delete, and port personal information.

Montana Consumer Data Privacy Act (MCDPA)

The MCDPA, taking effect on October 1, 2024, applies to anyone that conducts business in Montana or produces products or services targeted to Montana and either controls or processes the personal data of at least 50,000 consumers (excluding personal data controlled or processed solely for the purpose of completing a payment transaction). Or if someone controls or processes the personal data of at least 25,000 consumers and derives more than 25% of gross revenue from the sale of personal data.

Overview of Other States’ Privacy Laws

As of February 2024, 14 states - California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia - have enacted privacy laws designed to increase protections for consumers’ personal data, provide consumers with certain rights to control their personal data, and regulate businesses’ use of consumers’ personal data, including sensitive personal data. 

These laws grant protections for consumers and impose requirements on companies collecting consumer personal data. While companies whose privacy programs already comply with existing data privacy laws will not have to make significant changes, companies considering data privacy laws for the first time will need to update their privacy policies and develop and implement new processes before the laws take effect.

As privacy laws continues to pop up, it is crucial for businesses to stay informed and adapt their practices accordingly. The enactment of these laws in Texas, Oregon, and Montana is a step towards greater consumer data protection in the United States.

Legal.io Logo
Welcome to Legal.io

Connect with peers, level up skills, and find jobs at the world's best in-house legal departments

More from Legal.io

Extraordinary and Outstanding Immigrants – the EB-1 Visa

Although the Employment Based (“EB”) categories may change with the new CIR bill introduced just several weeks ago, there is no guarantee that the EB changes or the bill in its entirety will pass.

Extraordinary and Outstanding Immigrants – the EB-1 Visa
Immigration
eDiscovery company DISCO goes public

CS Disco Inc., the Texas-based provider of legal document review and eDiscovery services, went public today on the New York Stock Exchange (NYSE) and will be traded under the “LAW” symbol.

eDiscovery company DISCO goes public
Legal Software
California State Bar Sets Precedent with New Ethics Guidelines for AI Use in Legal Practice

The five pages of ethics guidelines will help attorneys with implementing AI practices into their legal careers.

California State Bar Sets Precedent with New Ethics Guidelines for AI Use in Legal Practice
Legal OperationsTechnologyGovernment
Google / Ironclas Legal Ops Veteran Mary O’Carroll Appointed New COO

Mary O’Carroll, the former head of Google’s legal operations, has joined Goodwin as Chief Operating Officer, bringing her extensive experience in legal operations and technology to the firm.

Law Firms
50 interview questions for a legal job you should be prepared to answer

You can nail that legal interview with a little bit of preparation!

50 interview questions for a legal job you should be prepared to answer
Career
Dealing with 221(g) Issues from the Consulate

In this week’s article, we explore one common issue that happens to non-citizens seeking entry into the United States from abroad.

Dealing with 221(g) Issues from the Consulate
Immigration
Negative Reviews: Their Hidden Benefits and How To Manage Them

A peak inside how the best attorneys handle negative online reviews

Negative Reviews: Their Hidden Benefits and How To Manage Them
TechnologyCareer
Former Twitter GC Sean Edgett Joins Upside Foods as its first Chief Legal Officer

Upside Foods, a leader in lab-cultivated "no kill" meat production, has appointed Sean Edgett, former General Counsel at Twitter, as its first Chief Legal Officer.

Former Twitter GC Sean Edgett Joins Upside Foods as its first Chief Legal Officer
General Counsel
Legal.io Logo
Welcome to Legal.io

Connect with peers, level up your skills, and find jobs at the world's best in-house legal departments