The Louisiana Data Privacy Act establishes comprehensive regulations to enhance consumer data privacy and outlines the responsibilities of data controllers and processors. Key provisions include the requirement for clear consumer consent for data processing, the establishment of definitions for terms related to data privacy, and the delineation of enforcement mechanisms. The Act applies to businesses with annual gross revenues exceeding $25 million, those sharing personal information of 75,000 or more consumers, or those deriving 50% or more of their revenue from selling personal information. Notably, state agencies, financial institutions, healthcare entities, nonprofit organizations, and educational institutions are exempt from its provisions.

The bill emphasizes consumer rights, allowing individuals to request access, correction, deletion, and opt-out options for their data, while mandating that controllers respond to these requests within specified timeframes. It also requires controllers to limit data collection to what is necessary, implement reasonable security practices, and provide clear privacy notices to consumers. Additionally, the bill outlines the responsibilities of data processors and mandates data protection assessments for certain processing activities. The enforcement of the Act will be overseen by the attorney general, who must notify parties of potential violations and allow a thirty-day period for rectification before initiating investigations. The legislation is set to take effect on January 1, 2027.