QUESTION

We only do business in my home state. Are we still required to comply with out-of-state privacy laws?

SHORT ANSWER
If you collect or handle information about people located in other states you usually need to follow any laws applicable in the consumer’s home state.
Read More Below

If you collect or handle information about people located in other states, even if you don’t operate in the applicable state, you usually need to follow any laws applicable in the consumer’s home state.  If, for example, you collect information regarding California or Massachusetts residents, regardless of whether you actually do business in California or Massachusetts, you still must follow state privacy law requirements and procedures.