While all 50 states have breach notification laws in place where you must be notified if your data is stolen by a hacker, only a handful, most prominently California, have enacted or even framed formal data privacy legislation.
But the trend line is clearly established at the state and local level. A number of cities, such as New York with its Stop Hacks and Improve Electronic Data Security Act (SHIELD), have also instituted strong data privacy laws. A few Silicon Valley leaders themselves are looking ahead (most prominently Apple CEO Tim Cook), coming on board and calling for federal data privacy legislation. You’d be wise to look into the details of state and city data privacy policies for where you’re based and where you do business.