2023 Updates to Data Privacy Laws

Spiral bound notebook with "Data Privacy Laws 2023 UPDATES" written on the pageDid you know that in 2023, more than a billion people globally welcomed the Vietnamese Year of the Cat? In 1976, Al Stewart’s song, Year of the Cat, was released and made it to number eight on the charts.

In 2023, the title might be Year of Data Privacy Laws. The title isn’t exactly the cat’s meow, but it definitely tells it like it’s been and will continue to be throughout the coming year. Even though data privacy laws have continued to change and tighten over the years, recent updates have been significant and more updates are expected.

Being familiar with current and new privacy laws is vital to your company’s compliance with privacy laws, so we’re here to help with our guide to the updates.


The state data privacy laws already in place in 2023 are The California Privacy Rights Act (CPRA) and Virginia’s Consumer Data Protection Act (CDPA).

Later this year, the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Acts will be implemented, and other states are expected to follow suit. These laws are strongly influenced by the European Union’s General Data Protection Regulation (GDPR) and are intended to give individuals the:

  • Right to Access their personal information
  • Right to Correct any errors or inaccuracies made in their personal information
  • Right to Delete their personal information from the controller’s database
  • Right of Non-Discrimination for exercising their privacy act rights
  • Opt-out Right for their personal information to be shared, sold, or targeted for advertising
  • Right to Appeal in the event that a business denies any of the previous requests

These laws affect controllers of information, such as businesses, who determine the purpose for which and the means by which personal information is processed.

Processors and Service Providers

All states require controllers to enter into contracts with “processors,” the parties that process personal data on the controller’s behalf, and hold the controllers responsible for protecting information with at least reasonable data security.


It’s vital to take note of and follow updated privacy laws because they not only affect the integrity of your business and customers’ information, but non-compliance can also be very expensive to your bottom line as well as your business reputation. Neglecting to conform to Connecticut’s data privacy laws can result in a $5,000 fine for willful violation and up to a $25,000 fine for violating restraining orders or injunctions. Utah and Virginia’s civil penalties for noncompliance can reach up to $7,500 per violation. Colorado’s penalties be as high as $20,000 per violation.


Data protection laws include the process of disposing of personally identifiable information (PII), whether it be on paper or in digital form. When private information is disposed of at the customer’s request or at the end of its life, the controller must ensure that it is properly destroyed in accordance with existing privacy laws.

Richards and Richards’ paper, hard drive, and media shredding is compliant with all existing and updated privacy laws. Our team, facility, and services meet all NAID AAA Certification requirements, offering you the best data privacy protection needed to comply with federal and state laws. For help with your shredding needs, simply call us at 615-242-9600 or complete the form on this page. Our shredding and compliance experts are standing by!

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Request an Immediate Shredding Quote

Newsletter Signup

  • This field is for validation purposes and should be left unchanged.