The European Union’s General Data Protection Regulation (GDPR) was enacted in May 2018. Since then, many states within the U.S. have been following the EU’s lead with their own version of citizens’ data protection and privacy legislation. Until recently, corporate (i.e. sales and marketing) attitudes towards mass data collection have been the more the merrier.

This paper addresses the genesis of these U.S. states’ consumer data protection laws, some commonalities of this legislation, and finally best-practices for maintaining good security posture across your enterprise that will give your organization its best chance for reducing risk of data breaches and achieving compliance with data protection and privacy policies globally and locally.