Iowa Consumer Data Protection Act
SF 262
Regulatory Snapshot: Iowa Consumer Data Protection Act
Iowa Consumer Data Protection Act (SF 262) is an enacted law in Iowa under the Data Privacy category. It was enacted on 2023-03-28 and becomes effective on 2025-01-01. Iowa currently reports 2 tracked regulations with 2 already in force, giving the state a regulatory strictness score of 31/100 relative to the national baseline. PlainRegWatch last verified this entry on 2026-03-18.
Nationally, 21 states have enacted data privacy statutes and 0 additional bills remain pending — 21 distinct jurisdictions have codified rules in this area so far. That places Iowa within a mature and broadly adopted data privacy landscape where compliance programs typically hinge on definitions in SF 262 itself.
Applicability under Iowa Consumer Data Protection Act: 100K+ IA consumers, or 25K+ with 50%+ data sale revenue. Penalty exposure is documented as: $7,500/violation. AG with 90-day cure (permanent). Notable exemptions: Government, HIPAA, GLBA, nonprofits, higher ed..
Summary
Business-friendly with permanent 90-day cure period.
Key Requirements
Access, deletion, portability, opt-out. Sensitive data consent. No universal opt-out requirement.
Penalties
$7,500/violation. AG with 90-day cure (permanent).
Applicability
100K+ IA consumers, or 25K+ with 50%+ data sale revenue.
Exemptions
Government, HIPAA, GLBA, nonprofits, higher ed.
Official Source
https://www.legis.iowa.gov/legislation/BillBook?ga=90&ba=sf262Frequently Asked Questions
Which states have data privacy regulations?
As of the last verification, 21 states have enacted data privacy regulations, with 0 additional bills pending across other states. Iowa is among the states that has enacted such legislation. Browse all data privacy regulations at plainregwatch.com for the complete state-by-state comparison.
When was Iowa Consumer Data Protection Act enacted?
Iowa Consumer Data Protection Act was enacted on 2023-03-28 and became effective on 2025-01-01. It was introduced as SF 262.
What are the penalties for violating Iowa Consumer Data Protection Act?
$7,500/violation. AG with 90-day cure (permanent). Note that enforcement mechanisms and penalty structures may vary. Consult the official statute and qualified legal counsel for specific compliance requirements.
Does Iowa Consumer Data Protection Act apply to small businesses?
100K+ IA consumers, or 25K+ with 50%+ data sale revenue. Many state regulations include thresholds or exemptions for smaller organizations. Review the full applicability criteria and consult legal counsel to determine your obligations.
How does Iowa compare to other states on data privacy?
Iowa has a regulatory strictness score of 31/100, based on 2 enacted regulations out of 2 tracked. Nationally, 21 states have enacted data privacy laws. Visit our state comparison page for a full ranking.
Where can I read the full text of Iowa Consumer Data Protection Act?
The official text of Iowa Consumer Data Protection Act (SF 262) is available from the Iowa legislature. PlainRegWatch links to the official source for every tracked regulation. We recommend reviewing the full statute alongside qualified legal counsel for compliance planning.
Regulation Guides
Plain-language guides to help you understand the broader regulatory landscape.
Related Federal Data
Explore federal datasets connected to state regulation and enforcement.
PlainInfluence
Federal lobbying and influence data — see who shapes state regulation
PlainSpending
Federal spending data — track enforcement budgets behind regulations
PlainGovJobs
Government workforce data — agencies enforcing state and federal rules
PlainEnviro
EPA enforcement and environmental compliance across all 50 states
Explore Regulations
Disclaimer: This summary is provided for informational purposes only and does not constitute legal advice. Regulation details may have changed since last verification (2026-03-18). Always consult official sources and qualified legal counsel for compliance guidance.
More Iowa Regulations
Read our methodology — how this data is sourced, computed, and verified.
Related
| Publisher | Kiznis Studio |
| Sources | Public state legislatures, IAPP, NCSL, and federal regulatory trackers |