# Purview State Privacy Law Guides

> Comprehensive compliance guides for all 20 US state privacy laws.

## Guides

- [California Privacy Law (CCPA/CPRA) Compliance Guide for Small Businesses](https://getpurview.com/guides/california-privacy-law.md) — CCPA/CPRA applies to for-profit businesses meeting any one of: $25M+ revenue, 100K+ California consumers, or 50%+ revenue from data sales.
- [Colorado Privacy Law (CPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/colorado-privacy-law.md) — Colorado CPA applies to businesses processing data of 100,000+ Colorado consumers annually. No revenue threshold. GPC signals must be honored.
- [Connecticut Privacy Law (CTDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/connecticut-privacy-law.md) — Connecticut CTDPA has one of the lowest thresholds in the US: 35,000 consumers, no revenue minimum, and a 25% data sale revenue trigger.
- [Delaware Privacy Law (DPDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/delaware-privacy-law.md) — Delaware DPDPA has some of the lowest thresholds in the US: 35,000 consumers, no revenue minimum, and a 20% data sale revenue trigger with just 10K consumers.
- [Florida Privacy Law (FDBR) Compliance Guide for Small Businesses](https://getpurview.com/guides/florida-privacy-law.md) — Florida's Digital Bill of Rights requires $1 billion in annual revenue. It almost certainly does NOT apply to small or mid-size businesses.
- [Indiana Privacy Law (INCDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/indiana-privacy-law.md) — Indiana INCDPA takes effect January 1, 2026. It applies to businesses processing data of 100,000+ Indiana consumers annually with no revenue threshold.
- [Iowa Privacy Law (ICDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/iowa-privacy-law.md) — Iowa ICDPA took effect January 1, 2025. It applies to businesses processing data of 100,000+ Iowa consumers annually with no revenue threshold.
- [Kentucky Privacy Law (KCDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/kentucky-privacy-law.md) — Kentucky KCDPA takes effect January 1, 2026. It applies to businesses processing data of 100,000+ Kentucky consumers annually with no revenue threshold.
- [Maryland Privacy Law (MODPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/maryland-privacy-law.md) — Maryland MODPA has the strictest data minimization in the US: 35,000 consumer threshold, no revenue floor, plus mandatory secondary use limitations.
- [Minnesota Privacy Law (MNDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/minnesota-privacy-law.md) — Minnesota MNDPA took effect July 31, 2025. It applies to businesses processing data of 100,000+ Minnesota consumers and includes automated decision rights.
- [Montana Privacy Law (MCDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/montana-privacy-law.md) — Montana MCDPA took effect October 1, 2024. It applies to businesses processing data of 50,000+ Montana consumers — lower than the standard 100,000 threshold.
- [Nebraska Privacy Law (NDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/nebraska-privacy-law.md) — Nebraska NDPA took effect January 1, 2025. It applies to businesses processing data of 100,000+ Nebraska consumers annually with no revenue threshold.
- [New Hampshire Privacy Law (NHPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/new-hampshire-privacy-law.md) — New Hampshire NHPA took effect January 1, 2025. It has a low 35,000 consumer threshold with no revenue minimum and a 25% data sale trigger.
- [New Jersey Privacy Law (NJDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/new-jersey-privacy-law.md) — New Jersey NJDPA took effect January 15, 2025. It applies to businesses processing data of 100,000+ NJ consumers annually with no revenue threshold.
- [Oregon Privacy Law (OCPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/oregon-privacy-law.md) — Oregon OCPA took effect July 1, 2024. It applies to businesses processing data of 100,000+ Oregon consumers and uses a low 25% data sale threshold.
- [Rhode Island Privacy Law (RIDPPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/rhode-island-privacy-law.md) — Rhode Island RIDPPA takes effect January 1, 2026. It has a low 35,000 consumer threshold with a 10K + 20% data sale secondary trigger.
- [Tennessee Privacy Law (TIPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/tennessee-privacy-law.md) — Tennessee TIPA took effect July 1, 2025. It requires $25M+ revenue AND 175,000+ Tennessee consumers — among the most business-friendly thresholds.
- [Texas Privacy Law (TDPSA) Compliance Guide for Small Businesses](https://getpurview.com/guides/texas-privacy-law.md) — Texas TDPSA has no revenue threshold. It applies to any business processing data of 100,000+ Texas consumers annually, regardless of company size.
- [Utah Privacy Law (UCPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/utah-privacy-law.md) — Utah UCPA requires $25M+ revenue AND 100,000+ Utah consumers (AND logic). It is among the most business-friendly state privacy laws.
- [Virginia Privacy Law (VCDPA) Compliance Guide for Small Businesses](https://getpurview.com/guides/virginia-privacy-law.md) — VCDPA applies to businesses processing data of 100,000+ Virginia consumers annually. There is no revenue threshold — consumer count alone triggers scope.

---

Check which laws apply to your business: [Take the free quiz](https://app.getpurview.com/quiz)