On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law. The new law will take effect on January 1, 2025.
As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing consumers with the rights to access, delete, obtain a copy of their data in a portable format, and opt out of sale of their personal information. The law does not provide a private right of action, instead empowering the state attorney general to bring enforcement actions and seek injunctions if controllers or processors do not cure alleged violations after 90 days.