The US privacy landscape is fragmenting further in 2026. The Kentucky Consumer Data Protection Act and Indiana’s equivalent are now in force, while Rhode Island’s DTPPA introduces unique privacy policy transparency rules. Furthermore, Connecticut (CTDPA) has expanded its scope in 2026, lowering thresholds so that even smaller businesses now fall under its mandate.

For companies targeting US residents, “State-Hopping” compliance is no longer sustainable. You need a unified approach. Enactia’s Privacy Engine automatically updates your data subject request (DSAR) workflows to include the specific nuances of Indiana and Kentucky law, such as their specific “Right to Opt-out” requirements. By mapping your data once, Enactia applies the correct state-level ruleset automatically, protecting you from the growing trend of state-level enforcement.

Map your US State obligations with an Enactia Demo