Eight New State Privacy Laws in 2025: What They Mean for Your Business

2025 has marked a turning point for data privacy in the U.S. Eight new state-level laws have or will be rolling out this year, joining California, Colorado, Connecticut, Florida, Indiana, Montana, Oregon, Texas, Utah, and Virginia in creating robust consumer privacy rights.

1. Delaware – Delaware Personal Data Privacy Act (DPDPA), effective January 1, 2025 

2. Iowa – Iowa Consumer Data Protection Act (ICDPA), effective January 1, 2025 

3. Nebraska – Nebraska Data Privacy Act (NDPA), effective January 1, 2025 

4. New Hampshire – New Hampshire Privacy/Data Privacy Act, effective January 1, 2025 

5. New Jersey – New Jersey Data Privacy Act (NJDPA), effective January 15, 2025 

6. Tennessee – Tennessee Information Protection Act (TIPA), effective July 1, 2025 

7. Minnesota – Minnesota Consumer Data Privacy Act (MCDPA), effective July 31, 2025 

8. Maryland – Maryland Online Data Privacy Act (MODPA), effective October 1, 2025 

Next year, Rhode Island joins this group with the Rhode Island Data Transparency and Privacy Protection Act (RIDTIPPA), effective January 1, 2026.

These laws will introduce some GDPR-inspired requirements such as data minimization, algorithmic assessments, and enhanced protections for minors.

For businesses, that means you have a wider net of obligations:

• Expanded consumer rights (like access, correction, and deletion of personal data).

• New requirements for clear disclosures about how you collect, use, and share data.

• Obligations to honor opt-out requests for data sharing or targeted advertising.

• Stricter enforcement penalties if you fall short.

As more states begin to add new rules, it is becoming clear that privacy compliance is the rule, not the exception.

Who is impacted by these changes?

The short answer is “everyone.” Even if your business isn’t based in these states, you may still need to adjust. Most of these new privacy laws include specific thresholds that are often based on revenue, number of customers, or volume of data processed. That means that many small and midsize businesses will not be subject to the laws themselves.

But here’s the catch: if you are a vendor, service provider, or partner to a larger company that is subject to these laws, compliance may still land on your plate. Bigger businesses are increasingly requiring their vendors to meet the same privacy standards through contracts.

So, in practice, that means many SMBs, startups, and tech companies often need to align with these privacy obligations even if the law doesn’t apply to them directly. 

What do you need to do now?

Use this time of change to begin future-proofing your business. Take these steps:

• Audit your data practices: What personal information are you collecting, where does it live, who has access to it, and how long are you keeping it?

• Update your privacy policies: Plain-language disclosures build trust and keep you compliant.

• Strengthen your consent processes: Make it easy for customers or prospects to opt out.

• Train your team: Every employee has a role in protecting customer data, not just those who handle it directly. From recognizing phishing attempts to following security protocols, company-wide awareness reduces risk.

Waiting for regulators or customers to flag an issue means you may be playing catch-up, which can be an expensive game in terms of fines and reputation. Customers are increasingly looking at privacy as part of trust. Falling behind here doesn’t just risk legal penalties; it can cost you customer loyalty and growth opportunities.

Real-life example: One of our clients received a notice from Texas regulators only a few months after that state’s law went into effect, threatening fines for noncompliance. We were able to resolve it with no penalty, but it showed how quickly states are enforcing. Last year, the same client received another letter – this time from New Hampshire. They were given a cure period, but not all states provide that safety net.

These eight new state privacy laws are telling us that data privacy is now central to business trust and growth. Navigating these rules does not have to be overwhelming. Kliebert Law collaborates with you to identify your legal priorities and take care of your day-to-day legal matters so you’re poised for continued growth.

Let’s talk about where you stand. Schedule a free 15-minute consultation with Kliebert Law today to get started.

You can fill out a quick form on our website and our team will be in touch soon!