Color Code
DPIA
Data Protection Impact Assessment
PRA
Private Right of Action
Data Security
Processor should establish, implement, and maintain reasonable administrative, technical, and physical data security practices appropriate to the volume and nature of the personal data at issue.
General Exception
The obligations imposed on controllers/processors under this act do not restrict their ability to…prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, or malicious, deceptive, or illegal activity; preserve the integrity of security systems; or investigate, report, or prosecute those responsible for any such action.
State Information
How to Use This Map
Hover over any state to see its name
Click on a state to view detailed information about its specific requirements
Review the keys in the right side panel.