The growing number of U.S. states enacting consumer data privacy legislation is creating a confusing patchwork of local laws that will pose compliance challenges for companies operating across jurisdictions. On Jan. 8, the New Jersey legislature became the 13th U.S. state to pass a consumer data privacy law. If approved by Governor Phil Murphy, the law will go into effect one year after its enactment, joining a host of similar laws passed by other states that are either already in effect or are slated to go into effect in the next two years. In 2023, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas all passed data privacy laws, while California, Connecticut, Colorado, Virginia and Utah began enforcing their own state-level laws. Currently, these states' data privacy frameworks are based on either the California Consumer Privacy Act (CCPA), which entered into force in 2020, or the Washington Privacy Act (WPA), which...