Skip to content
Fey LLC, Attorneys at Law
State Privacy Laws

A Hot Privacy Summer: Update on State Comprehensive Privacy Law Enforcement Dates

By Will Davis, Associate Attorney and Blake Lines, Associate Attorney

As summer 2023 heats up, so does the state privacy law landscape. Multiple state comprehensive privacy laws have entered or are approaching their enforcement phases, and California continues to generate uncertainty about when its updated regulations will be enforced.

Current Enforcement Status

StateLawEnforcement Date
CaliforniaCCPA/CPRA (statutory)Immediate
CaliforniaCPRA (regulations)~March 29, 2024*
VirginiaVCDPAJanuary 1, 2023
ColoradoCPAJuly 1, 2023
ConnecticutCTDPAJuly 1, 2023
UtahUCPADecember 31, 2023

*Subject to pending appeal, see below.

California: Ongoing Enforcement Uncertainty

A Sacramento Superior Court ruling from June 30, 2023 determined that enforcement of the updated CCPA regulations, finalized by the California Privacy Protection Agency (CPPA) on March 29, 2023, must be delayed 12 months from the date of finalization. This would push regulation enforcement to approximately March 29, 2024.

Important caveats:

  • The CPPA and AG have appealed the ruling, so the timeline may change
  • The statutory CCPA/CPRA provisions and pre-CPRA regulations remain enforceable immediately
  • The court ruling affects only the March 2023 regulations, not the underlying law

The CPPA has also scheduled an enforcement agenda for its July 14, 2023 board meeting, signaling continued regulatory activity.

Compliance Recommendations

Given the multi-state privacy law landscape, organizations should:

  1. Identify which laws apply: Determine which state privacy laws cover your organization based on consumer population thresholds and revenue
  2. Prioritize enforcement-ready laws: Focus immediate compliance efforts on Virginia, Colorado, and Connecticut, which are currently being enforced
  3. Prepare for Utah: Utah’s UCPA takes effect December 31, 2023
  4. Monitor California: Track the CPPA appeal while ensuring statutory CCPA/CPRA compliance is in place
  5. Build a scalable program: Design your privacy program to accommodate additional state laws efficiently

For a comprehensive state-by-state compliance roadmap, see our earlier post, Winter Is Coming: 10 Steps Organizations Should Be Taking Now.

#CCPA#CPRA#Colorado#Virginia#Connecticut#Utah#enforcement#state privacy#compliance

Need privacy guidance?

Fey LLC helps organizations navigate complex data privacy and cybersecurity challenges.

Contact Us
Back to Insights