New State Privacy Impact Assessment (PIA/DPIA) Requirements - Now in Force

When the page turned on 2024, eight new U.S. state privacy laws went into effect, or are poised to do so by midsummer of this year. Seven of these – Delaware, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Tennessee— will all require businesses to complete data protection (aka privacy impact) assessments for processing activities that present a heightened risk of harm, including the processing of sensitive information. While the baseline of all these new requirements is similar to existing state privacy laws, nuances exist, and privacy compliance teams should pay careful attention to the specific elements of each law while crafting policies and developing procedures.

Click here for the event recording.