State Privacy Law Guides

Colorado Privacy Law (CPA) Compliance Guide for Small Businesses

Colorado CPA applies to businesses processing data of 100,000+ Colorado consumers annually. No revenue threshold. GPC signals must be honored.

11 min readRead guide

Connecticut Privacy Law (CTDPA) Compliance Guide for Small Businesses

Connecticut CTDPA has one of the lowest thresholds in the US: 35,000 consumers, no revenue minimum, and a 25% data sale revenue trigger.

11 min readRead guide

Delaware Privacy Law (DPDPA) Compliance Guide for Small Businesses

Delaware DPDPA has some of the lowest thresholds in the US: 35,000 consumers, no revenue minimum, and a 20% data sale revenue trigger with just 10K consumers.

Florida Privacy Law (FDBR) Compliance Guide for Small Businesses

Florida's Digital Bill of Rights requires $1 billion in annual revenue. It almost certainly does NOT apply to small or mid-size businesses.

Indiana Privacy Law (INCDPA) Compliance Guide for Small Businesses

Indiana INCDPA takes effect January 1, 2026. It applies to businesses processing data of 100,000+ Indiana consumers annually with no revenue threshold.

Iowa Privacy Law (ICDPA) Compliance Guide for Small Businesses

Iowa ICDPA took effect January 1, 2025. It applies to businesses processing data of 100,000+ Iowa consumers annually with no revenue threshold.

Kentucky Privacy Law (KCDPA) Compliance Guide for Small Businesses

Kentucky KCDPA takes effect January 1, 2026. It applies to businesses processing data of 100,000+ Kentucky consumers annually with no revenue threshold.

Maryland Privacy Law (MODPA) Compliance Guide for Small Businesses

Maryland MODPA has the strictest data minimization in the US: 35,000 consumer threshold, no revenue floor, plus mandatory secondary use limitations.

10 min readRead guide

Minnesota Privacy Law (MNDPA) Compliance Guide for Small Businesses

Minnesota MNDPA took effect July 31, 2025. It applies to businesses processing data of 100,000+ Minnesota consumers and includes automated decision rights.

Montana Privacy Law (MCDPA) Compliance Guide for Small Businesses

Montana MCDPA took effect October 1, 2024. It applies to businesses processing data of 50,000+ Montana consumers — lower than the standard 100,000 threshold.

Nebraska Privacy Law (NDPA) Compliance Guide for Small Businesses

Nebraska NDPA took effect January 1, 2025. It applies to businesses processing data of 100,000+ Nebraska consumers annually with no revenue threshold.

New Hampshire Privacy Law (NHPA) Compliance Guide for Small Businesses

New Hampshire NHPA took effect January 1, 2025. It has a low 35,000 consumer threshold with no revenue minimum and a 25% data sale trigger.

New Jersey Privacy Law (NJDPA) Compliance Guide for Small Businesses

New Jersey NJDPA took effect January 15, 2025. It applies to businesses processing data of 100,000+ NJ consumers annually with no revenue threshold.

Oregon Privacy Law (OCPA) Compliance Guide for Small Businesses

Oregon OCPA took effect July 1, 2024. It applies to businesses processing data of 100,000+ Oregon consumers and uses a low 25% data sale threshold.

Rhode Island Privacy Law (RIDPPA) Compliance Guide for Small Businesses

Rhode Island RIDPPA takes effect January 1, 2026. It has a low 35,000 consumer threshold with a 10K + 20% data sale secondary trigger.

Tennessee Privacy Law (TIPA) Compliance Guide for Small Businesses

Tennessee TIPA took effect July 1, 2025. It requires $25M+ revenue AND 175,000+ Tennessee consumers — among the most business-friendly thresholds.

10 min readRead guide

Texas Privacy Law (TDPSA) Compliance Guide for Small Businesses

Texas TDPSA has no revenue threshold. It applies to any business processing data of 100,000+ Texas consumers annually, regardless of company size.

12 min readRead guide

Utah Privacy Law (UCPA) Compliance Guide for Small Businesses

Utah UCPA requires $25M+ revenue AND 100,000+ Utah consumers (AND logic). It is among the most business-friendly state privacy laws.