Louisiana Enacts Comprehensive Consumer Privacy Law

Staff Editor 2026-06-12
Louisiana Enacts Comprehensive Consumer Privacy Law

Louisiana Enacts Comprehensive Consumer Privacy Law

https://www.hunton.com/privacy-and-cybersecurity-law-blog/louisiana-enacts-comprehensive-consumer-privacy-law

Publish Date: 2026-06-12 16:44:00

Source Domain: www.hunton.com

Louisiana recently enacted Senate Bill 386, the Louisiana Data Privacy Act (“LDPA”), becoming the 22nd U.S. state to adopt a comprehensive consumer data privacy law. The LDPA follows the now-familiar controller/processor and consumer-rights framework seen in many state comprehensive data privacy laws, with certain distinctions.

Scope

The LDPA applies to any person or entity that does business in Louisiana and satisfies at least one of the following thresholds:

  • has annual gross revenues exceeding $25 million;
  • annually buys, receives, “sells” (for monetary or other valuable consideration), or shares for commercial purposes the personal data of 75,000 or more consumers, households, or devices; or
  • derives 50% or more of its annual revenues from selling consumers’ personal data.

Notably, unlike many other state comprehensive data privacy laws, the LDPA does not apply to entities that merely “target” Louisiana residents with their products and services. Rather, it applies to entities that ”do business” in the state, which may narrow the law’s reach.

Like other state comprehensive data privacy laws, the LDPA exempts certain entities and data from its scope. Exempt entities include state agencies, GLB-regulated financial institutions, HIPAA-covered entities and business associates, nonprofits and institutions of higher education. Data-level exemptions include HR-related data, PHI and NPI.

Key Obligations

The LDPA imposes several obligations on controllers, including:

  • Privacy Notice: Controllers must provide a reasonably accessible and clear privacy notice that discloses the categories of personal data (including sensitive data) processed; the purposes of processing; the categories of personal data sold to third parties; the categories of third parties receiving the data; and the methods for submitting consumer rights requests.
  • Data Minimization: Controllers must limit the collection of personal data to what is adequate, relevant and reasonably…

Source

More Stories

Trump privacy restrictions may reduce Census Bureau data : NPR

Trump privacy restrictions may reduce Census Bureau data : NPR

Staff Editor 2026-06-12
Meta’s smart glasses have sparked privacy concerns. But Julius “Computahh” Mondragon’s viral Meta glasses videos are making strangers smile. Katie Notopoulos reports.

Meta’s smart glasses have sparked privacy concerns. But Julius “Computahh” Mondragon’s viral Meta glasses videos are making strangers smile. Katie Notopoulos reports.

Staff Editor 2026-06-12
Upholding US values of security and privacy

Upholding US values of security and privacy

Staff Editor 2026-06-12

Terms and Conditions - Privacy Policy