How New State Privacy Laws Shape Privacy Training in 2025
In 2025, the landscape of state privacy laws in the United States is undergoing significant transformation, directly influencing organizational training requirements. With eight new state privacy laws coming into effect, businesses must adapt to a more complex regulatory environment.
The Growing Weight of Privacy Laws
Privacy laws are no longer a distant thought for businesses; they’ve become a front-and-center priority. The rapid changes in state legislation have sparked a critical need for organizations to keep their workforce trained and ready. The big question for 2025: How do these laws change what employees need to know?
Legislative Shifts You Need to Know About
In 2025, eight states are rolling out new privacy regulations that will set fresh expectations for businesses. These laws come with varying applicability thresholds, making it essential for companies to understand their obligations clearly. Key effective dates and thresholds include:
- Iowa (January 1, 2025): Applies to businesses processing data for 100,000+ consumers or 25,000+ consumers and generating 50%+ revenue from data sales.
- Delaware (January 1, 2025): Targets companies processing data for 35,000+ consumers or 10,000+ consumers and 20%+ revenue from personal data sales.
- Nebraska (January 1, 2025): Covers businesses processing or selling personal data unless classified as small businesses under the federal Small Business Act.
- New Hampshire (January 1, 2025): Affects businesses controlling data for 100,000+ consumers or 25,000+ consumers and earning 25%+ revenue from personal data sales.
- New Jersey (January 15, 2025): Focuses on businesses processing data for 100,000+ consumers or 25,000 consumers and deriving any revenue from personal data sales.
- Tennessee (July 1, 2025): Targets businesses with $25M+ annual revenue controlling data for 175,000+ consumers or 25,000+ consumers and generating 50%+ revenue from data sales.
- Minnesota (July 31, 2025): Applies to businesses processing data for 100,000+ consumers or 25,000 consumers and earning 25%+ revenue from personal data sales.
- Maryland (October 1, 2025): Focuses on businesses controlling data for 35,000+ consumers or 10,000 consumers and earning 20%+ revenue from personal data sales.
Maryland: A Standout Among 2025 Privacy Laws
Maryland’s Online Data Privacy Act introduces unique requirements. The law limits data collection to what is “reasonably necessary and proportionate” for providing or maintaining a consumer-requested product or service. This goes beyond the purpose limitations seen in other states and further tightens controls on the use of personal information.
Synthesizing the State Privacy Laws
It is impractical for your workforce to know the details about each state privacy law. That’s where we can help. Professor Solove has studied all the laws and has identified their common elements and key differences. We have training that brings everything together and makes the legal landscape simple to understand. We also have resources about each law and all the laws collectively.
Since its founding by Professor Daniel J. Solove in 2010, TeachPrivacy has provided training for hundreds of organizations, boutique to Fortune 500, both nationwide and globally. A leading international expert in privacy law, Solove is a law professor at George Washington University Law School, has authored more than 10 books and more than 50 articles, as well as given lectures around the world. His LinkedIn blog has more than 1 million followers. Click here for more information about Professor Solove.