Data privacy and data security are tech policy concerns that resonate with many voters and policymakers. In the absence of federal data privacy legislation, some states have passed, and others are considering, their own legislation to deal with data privacy questions related to specific technologies including biometrics, among many others. While California had the first general data privacy law at a state level, Virginia and Colorado passed different laws last year. Now states ranging from Connecticut to Utah are considering data privacy laws often modeled after these two examples. What do these data privacy laws mean for consumers and companies, both large and small? What might the landscape of state data privacy laws look like after the 2022 legislative session?