The Iowa Consumer Data Protection Act (ICDPA) was the sixth comprehensive privacy act signed into law in the US. Iowa joins California, Virginia, Colorado, Utah, and Connecticut in the patchwork US privacy landscape.  

The ICDPA contains provisions found amongst most modern privacy laws including privacy notices, consumer rights, and conditions for processing sensitive data. The ICDPA, is however less restrictive than other US state privacy laws and does not contain provisions relating to privacy risk assessments or employee rights. Download this infographic to get an overview of the ICDPA, who it applies to, what provisions it contains, and the penalties for non-compliance.   

What is the Iowa Consumer Data Protection Act?

The ICDPA is comprehensive privacy law in the state of Iowa that was signed into law on March 29, 2023, and will enter into effect on January 1, 2025.

The ICDPA aims to protect the personal and sensitive personal information of Iowan residents. The law will also introduce a range of new rights that individuals can exercise as well as several other requirements that businesses must consider before the ICDPA enters into effect in 2025. 

Key compliance areas under the ICDPA

The ICDPA highlights some key requirements that businesses must comply with. These include: 

• Individuals privacy rights
• Privacy notices
• Rules for processing sensitive data
• Data security
• Processor contracts

ICDPA overview infographic

Download the OneTrust DataGuidance overview infographic to find out more about key compliance areas under the ICDPA, including:

• Scope
• Key definitions
• Consumer rights
• Enforcement

Download the infographic for an overview of the ICDPA’s requirements or request a demo to see how OneTrust DataGuidance can help you have a deeper understanding of these requirements.

Follow OneTrust DataGuidance on LinkedIn to keep up to date with upcoming webinars, insights, and more.