With only a month left in 2025, businesses that handle consumer data should be preparing for three new state privacy laws taking effect on January 1 in Indiana, Kentucky, and Rhode Island. Each law fits within the growing patchwork of U.S. privacy regulation, but the applicability thresholds differ enough that companies may find themselves covered in one state but not another.

Maryland just added another square to the patchwork quilt of state laws with the Maryland Online Data Privacy Act (MODPA), which takes effect October 1, 2025. If you sell to Marylanders, advertise there, or have users signing up from Maryland, this law just landed on your compliance roadmap.

You may be out of the office, but regulators aren't taking time off. July brings key compliance deadlines every business should be tracking. Tennessee’s privacy law took effect July 1, giving consumers data rights. Minnesota’s privacy law follows on July 31.

If you're a parent, you've probably heard “Can I download this game?” more times than you can count. It may seem harmless, but behind that button lies a world of data collection—especially when the user is a child. To address this, the FTC rolled out major updates to the Children’s Online Privacy Protection Act (COPPA) on April 22, 2025, aiming to give parents greater control over how personal information is collected from children under 13 online.