us-state-privacy-skills

California consumer privacy rights workflow implementation under CCPA/CPRA. Covers right to know, delete, opt-out of sale/sharing, correct, and limit sensitive PI processing. Includes 45-day response timelines, identity verification procedures, and authorized agent handling.

Complete CCPA/CPRA compliance implementation covering California Civil Code §1798.100-199. Includes consumer rights framework, business obligations, service provider and contractor requirements, enforcement mechanisms, and CPPA rulemaking. Triggers on CCPA, CPRA, California privacy, consumer rights.

Colorado Privacy Act (CPA) compliance implementation. Covers universal opt-out mechanism required since July 2024, profiling opt-out rights, sensitive data consent requirements, AG rulemaking under 4 CCR 904-3, and consumer rights framework. Effective July 1, 2023.

Connecticut Data Privacy Act (CTDPA) compliance. Covers consumer rights, controller obligations, dark pattern prohibition, loyalty program exemption, universal opt-out requirement effective January 2025, sensitive data consent, and AG enforcement. Effective July 1, 2023.

CPRA §1798.121 sensitive personal information restrictions and compliance. Covers all 9 sensitive PI categories including SSN, precise geolocation, racial/ethnic origin, biometric, genetic, health, and sex life data. Right to limit use/disclosure, permitted purposes, and implementation.

Kentucky Consumer Privacy Protection Act (KPPA) compliance. Effective January 1, 2026. Covers consumer rights, controller thresholds at 100,000 consumers, sensitive data processing consent, cure period provisions, and AG enforcement framework.

Montana Consumer Data Privacy Act (MTDPA) compliance. Lowest consumer threshold at 50,000 consumers. Covers sensitive data consent, universal opt-out recognition, consumer rights, controller obligations, 60-day cure period, and AG enforcement. Effective October 1, 2024.

Multi-state harmonized privacy compliance program. Common requirements matrix across all US state privacy laws, state-specific deltas, unified privacy program architecture, and implementation strategy for operating across California, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and Kentucky.

Oregon Consumer Privacy Act (OCPA) compliance. Unique provisions for de-identified data requirements, employee data partial exemption, nonprofit applicability, 14-day cure period, and consumer rights. Effective July 1, 2024. AG enforcement only.

US state privacy law applicability assessment tool. Evaluates revenue thresholds, data volume thresholds, business exemptions (GLBA, HIPAA, nonprofits), employee data carve-outs, and SBA small business determinations across all enacted state privacy laws.

Texas Data Privacy and Security Act (TDPSA) compliance. No revenue threshold applies to all businesses. Covers data broker registration requirements, biometric identifier provisions under CUBI, consumer rights, AG enforcement, and 30-day cure period. Effective July 1, 2024.

Universal opt-out mechanism implementation across US state privacy laws. Covers Global Privacy Control (GPC) signal technical implementation, state-by-state recognition requirements, browser detection methods, authenticated vs unauthenticated handling, and compliance testing.

Virginia Consumer Data Protection Act (VCDPA) compliance implementation. Covers 5 consumer rights, controller obligations, processor requirements, opt-in for sensitive data, data protection impact assessments, AG enforcement, and cure period provisions. Effective January 1, 2023.