One framework for US data privacy
US data privacy laws are fragmented and constantly changing. Vanta’s US Data Privacy (USDP) framework helps you comply with state-level consumer privacy laws through one unified set of controls, so you can scale confidently across the US.
The trust management platform powering security for over [customer_count] customers
Unify state privacy laws
Vanta’s USDP framework replaces state-by-state compliance with one comprehensive control set. Do the work once and satisfy overlapping requirements across 19 state laws including CCPA/CPRA, VCDPA, and CPA.
Vanta supports 19 state privacy laws including CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, and VA.
Data privacy guidance at your fingertips
Navigate US privacy laws with step-by-step guidance mapped to each requirement. Vanta translates legal obligations into clear controls, policies, and evidence, so you can cut research time and guesswork.
Protect consumer data continuously
Move beyond point-in-time checks with continuous monitoring. Vanta alerts you to failing controls and non-compliant employees in real time, helping you protect consumer data and your brand.
Work once, scale across many
Reuse work across GDPR, NIST 800-171, HIPAA, and more. See how much of each framework you’ve already covered so you can plan what’s next and move faster.
GDPR
Protect EU personal data and comply with GDPR, including support for the EU–US Data Privacy Framework.
NIST 800-171
Protect controlled unclassified information (CUI) when working with the U.S. government or its contractors.
HIPAA
Secure protected health information (PHI) to meet U.S. regulatory requirements for healthcare providers and vendors.
Additional features
Centralized control management
Centralize privacy and security controls in one place to track ownership, implementation, and real-time status.
Access reviews
Ensure only approved users can access systems that handle consumer data with automated access reviews and continuous checks.
Security awareness training
Run built-in privacy and security training to reduce human risk and meet workforce requirements across frameworks.
Policies builder and templates
Create, customize, and publish consumer-facing privacy policies and internal controls using auditor-reviewed templates or custom documents.
AI-powered compliance
Work smarter with automatic control mapping, policy importing and summaries, proactive SLA remediation, and an interactive policy chatbot.
Policy management
Use Vanta AI to draft and update policies faster, then launch and track employee acceptance with built-in, auditor-approved templates.
Learn more about USDP
The US Data Privacy Checklist
US Data Privacy (USDP) is an exclusive consumer data privacy framework available only from Vanta. USDP provides one comprehensive set of controls that gets you compliant with all current US state-level privacy laws – CCPA/CPRA, CPA, CTDPA, UCPA, and VCDPA.
Your essential 10-step GDPR compliance checklist
An actionable GDPR compliance checklist that will help you adhere to the relevant data protection requirements.
GDPR compliance for US companies: Step-by-step guide
Learn how GDPR impacts US organizations and what it takes to achieve compliance.
FAQ
Yes. Vanta’s USDP framework brings all state control sets together into one control set that is updated as laws evolve. States currently included are:
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Delaware Personal Data Privacy Act (DPDPA)
- Indiana Consumer Data Protection Act (ICDPA)
- Iowa Consumer Data Protection Act (ICDPA)
- Kentucky Consumer Data Protection Act (KCDPA)
- Maryland Online Data Privacy Act of 2024 (MODPA)
- Minnesota Consumer Data Privacy Act (MCDPA)
- Montana Consumer Data Privacy Act (MTCDPA)
- Nebraska Data Privacy Act (NDPA)
- New Hampshire Data Privacy Act (NH DPA)
- New Jersey Data Protection Act (NJDPA)
- Oregon Consumer Privacy Act (OCPA)
- Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
- Tennessee Information Protection Act (TIPA)
- Texas Data Privacy and Security Act (TDPSA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
USDP is an evergreen framework. We add new state requirements as they’re enacted and alert you to changes, so you stay ahead.
Yes. Our templates are built by Vanta’s privacy and compliance experts and designed to be customized. We recommend having your legal counsel review them for your use case.
Yes. US state laws and GDPR are separate. If your business meets a state’s thresholds, you’ll need to comply with that law too. Vanta maps overlaps to help minimize duplicate work.
It typically takes 40–80 hours to implement core USDP controls. Your timeline will vary based on scope, data flows, and existing controls. Vanta’s automation and mapping help speed things up.
