Privacy Laws Iowa
IA

Iowa Consumer Data Protection Act

ICDPA

Business-friendly law similar to Utah. No data minimization requirement. 90-day cure period is the longest among state laws.

Effective Date
2025-01-01
Enforcement
Attorney General
Consumer Threshold
100,000 consumers
Revenue Threshold
No threshold

Key Requirements

Privacy notice
Right to access and delete personal data
Right to data portability
Right to opt-out of sale and targeted advertising
No data minimization requirement
Consent for sensitive data
Processor contracts required

Penalties

Up to $7,500 per violation.

Cure Period

90-day cure period (permanent)

E-commerce Relevance

Most business-friendly: no data minimization, no right to correct, longest cure period. Standard thresholds.

Back to All Privacy Laws Scan Your Site