Utah Senate Bill 70: Consumer Reporting Amendments Explained
Utah joined the list of states in 2025 that have enacted legislation regulating what information can be reported to organizations requesting...
With Verified Credentials' mobile-first candidate experience, you meet candidates where it's most convenient. Learn how easy we make it.
|
Now offering DOT services!Get your drivers on the road quickly and meet DOT regulations. |
Gain clarity about your compliance responsibilities with our new Adverse Action Guide! Use the interactive map to learn what regulations apply in your area.
Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.
Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.
4 min read
Verified Credentials Feb 12, 2025 9:30:00 AM
We kicked off 2025 with five state-level data privacy laws going into effect. Last month, we covered new data privacy policies in Nebraska and Iowa. This article covers the other three new data privacy laws that took effect this January. These laws introduce new consumer rights and requirements for companies handling consumer data in Delaware, New Jersey, and New Hampshire. Below is a high-level overview of each and a few notable differences between them.
The Delaware Personal Data Privacy Act (DPDPA) was signed into law by Governor John Carney on September 11, 2023, and became effective on January 1, 2025.
The DPDPA applies to entities that:
Under the DPDPA, consumers have the right to:
Nonprofit organizations and educational institutions: Unlike most other state privacy laws, Delaware’s law also applies to nonprofit organizations and educational institutions.
Enforcement: The DPDPA does not provide a private right of action. Enforcement authority is also given to the Delaware Department of Justice (as opposed to the Attorney General of the respective state in many state-level data privacy laws).
To read more details about the DPDA, the full text of the law can be found here.
Governor Chris Sununu signed the New Hampshire Data Privacy Act (NHPA) into law on March 6, 2024, and it became effective on January 1, 2025.
The NHPA applies to entities that:
Under the NHPA, consumers have the right to:
New Hampshire’s law has notably specific privacy notice guidelines, requiring controllers to provide consumers with a “reasonably accessible, clear, and meaningful” privacy notice that includes the following information:
“Controllers must also clearly and conspicuously disclose the following:”
More details about employer obligations and consumer rights under NHPA can be found here.
The New Jersey Data Protection Act (NJDPA) was signed into law in early 2024 and went into effect on January 15, 2025. The NJDPA includes exemptions in line with most other state data privacy laws, such as for government agencies and information or data covered by other laws, including the federal Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA).
The NJDPA applies to businesses that:
Under the NJDPA, consumers are granted the right to:
Obligations for controllers: NJDPA outlines controller obligations that are more specific and strenuous than some other state-level data privacy laws:
Highest applicability threshold of the three states, affecting businesses that process data for at least 100,000 consumers or derive over 50% of revenue from data sales.
Enforcement: The law provides a 30-day cure period during which the Attorney General will notify controllers and grant an opportunity to cure (if a cure is deemed possible) prior to bringing an enforcement action. However, this cure period is not permanent and will sunset 18 months after the law takes effect.
For more detailed information about the NJDPA, the full text of the law can be found here.
Seeing five new data privacy laws at the start of the year reinforces a growing trend in consumer data protections and regulations. These laws not only relate to customer data but can also influence how organizations manage candidate information during screening and onboarding processes.
Certain candidate information may be masked, such as returning only the birth year instead of the full date of birth or limiting Social Security Numbers to the last four digits. This could lead to broader searches and delays in screening results, impacting the states with new laws and affecting screening processes for candidates who have lived in the states implementing new data privacy laws.
Staying ahead of evolving privacy laws and regulating how personal data is managed internally helps protect and build trust with employees, candidates, and consumers. Employers should meet with their legal counsel to ensure compliance before acting.
This article is for informational purposes only and does not constitute legal advice. Hiring professionals, HR professionals, and administrators should consult their legal counsel to ensure all actions comply with the law.
Utah joined the list of states in 2025 that have enacted legislation regulating what information can be reported to organizations requesting...
The phrase, “don’t mess with Texas,” has taken on a whole new meaning. If you were considering using AI for business in Texas, you might want to hold...
In 2024, we covered both Minnesota’s and Rhode Island’s Data Privacy Acts. While Rhode Island’s law will not go into effect until 2026, Minnesota’s...
2024 was a big year for consumer data privacy laws, with states like Minnesota, Rhode Island,and Montanapassing laws to protect consumer rights and...
In 2024, we covered both Minnesota’s and Rhode Island’s Data Privacy Acts. While Rhode Island’s law will not go into effect until 2026, Minnesota’s...
Consumer and data privacy laws have been popping up everywhere lately. Soon, nearly half the nation will have active consumer privacy data laws. It...