State privacy overview

Iowa Data Privacy: A Plain-Language Overview

Informational summary · Iowa Consumer Data Protection Act
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

Iowa Consumer Data Protection Act

Status: Effective January 1, 2025

The Iowa Consumer Data Protection Act regulates the handling of personal data by businesses operating in the state. It requires transparency, data minimization, and security safeguards while granting residents specific rights over their information.

Rights residents generally have

Who it generally applies to

For-profit entities that control or process personal data of Iowa residents and either earn more than $20 million in annual revenue, buy/sell data of 100,000+ consumers, or derive over 50% of revenue from selling data. Non-profit and government institutions are generally exempt.

What this means for B2B outreach

The law explicitly excludes 'commercial or professional contact information' used solely for employment or business-to-business communications, meaning most B2B contact data is not treated as personal data under the regulation.

Authoritative source: Iowa Attorney General. Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews