State Privacy Law Gap Analysis
CCPA, CPRA, Virginia, Colorado, and a dozen more. State privacy laws are multiplying. We figure out which ones apply to you and where your compliance gaps are.
This is for you if:
- You have customers across multiple states and aren't sure which laws apply
- Your privacy policy hasn't been updated for CPRA or newer state laws
- You're getting consumer rights requests and aren't sure you're handling them correctly
- Enterprise customers are asking about your privacy compliance
What you get
Multi-State Applicability Analysis
We determine which state privacy laws apply to your business based on revenue, data volume, and where your customers are. Clear documentation of your obligations in each state.
Requirements Matrix
Side-by-side comparison of requirements across all applicable states. Consumer rights, opt-out mechanisms, data processing requirements, and notice obligations mapped out.
Privacy Notice Gap Review
Assessment of your current privacy policy against each applicable law. We identify what's missing, what's outdated, and what language needs updating.
Consumer Rights Process Assessment
Review of how you handle access, deletion, correction, and opt-out requests. We document gaps in your DSAR process and response timelines.
Vendor Agreement Checklist
Data Processing Agreement requirements for each state. We show what clauses you need in vendor contracts and what's missing from your current templates.
Compliance Roadmap
Prioritized action items organized by deadline urgency and risk level. You'll know what to fix first to achieve multi-state compliance.
The process
8 steps from intake to a complete multi-state privacy law assessment.
- Submit intake: Online form
- State mapping: Applicability
- Threshold check: Revenue/data
- Notice review: Privacy policy
- Rights audit: DSAR process
- Vendor check: DPA review
- Gap analysis: Full matrix
- Delivery: Full report
Longs Peak
What's included
- Multi-state applicability determination
- Requirements comparison matrix
- Privacy notice gap analysis
- DSAR process assessment
- Vendor DPA checklist
- Prioritized compliance roadmap
- Consumer rights process templates
- GPC implementation guidance
- 30-day email support
Important
This engagement constitutes a gap analysis and does not include drafting or revision of privacy policies. This assessment evaluates your current compliance posture and identifies required modifications. Implementation of recommended changes remains the responsibility of the client or the client's legal counsel.
State laws we analyze
The privacy law landscape is expanding rapidly. We track all active and upcoming state laws and determine which apply to your business.
Before vs After
Without assessment
- Guessing which states apply
- Privacy policy hasn't been updated
- DSARs handled inconsistently
- No GPC implementation
- Vendor contracts missing DPA terms
With Privacy Snapshot
- Know exactly which laws apply
- Gap-by-gap notice update list
- DSAR process documented
- GPC guidance included
- DPA checklist for vendors
Result: Multi-state compliance clarity
Common questions
How do I know which state laws apply to my business?
It depends on where your customers are, your annual revenue, how much consumer data you process, and whether you sell or share data. Most states use thresholds like 100,000 consumers or $25M revenue. We analyze your specific situation and give you a definitive answer for each state.
We're not based in California. Does CCPA still apply?
Probably. CCPA applies if you do business in California (including online), meet revenue thresholds ($25M+), or handle data of 100,000+ California residents. Where you're headquartered doesn't matter—it's where your customers are.
What's the difference between all these state laws?
They're similar but not identical. Key differences include opt-out requirements (some require Global Privacy Control support), cure periods for violations, private right of action, and sensitive data definitions. We map these differences so you know exactly what each state requires.
Do we need to comply with every state law?
Only the ones where you meet the thresholds. Many businesses find they trigger 3-5 state laws. Some only trigger California. We determine exactly which apply and recommend whether to implement a baseline that covers all or take a state-by-state approach.
What happens if we're not compliant?
Penalties vary by state. California can fine up to $7,500 per intentional violation. Most states allow a cure period (30-60 days to fix issues after notice). Some states like California allow private lawsuits for data breaches. The bigger risk is often operational—responding to consumer requests you're not prepared for.
Can we just update our privacy policy and be done?
The privacy notice is just one piece. You also need processes for handling consumer requests (access, deletion, opt-out), vendor agreements with proper data processing terms, and potentially technical implementations like Global Privacy Control. We assess all of it.
Stop guessing which privacy laws apply to you.
We analyze your business against 15+ state privacy laws and show you exactly which apply and where your gaps are. 10 days, $1,990. Then you'll have a clear compliance roadmap.