ciso.diy
Compliance | US privacy, CCPA, CPRA, state privacy law

2026 US Privacy Program Workbook

17-tab US state privacy compliance workbook covering the 20-state wave — CCPA/CPRA, MODPA, VCDPA, CPA, and 16 more — with auto-generated obligation matrix, DSR tracker, consent management log, ADMT register, and enforcement reference.

Four complexity drivers define the 2026 US privacy landscape: the UOOM opt-out mandate now active in California, MODPA's strict-necessity standard (the strictest in the US), the CPPA's ADMT (automated decision-making) rulemaking, and a shift from state AG enforcement to private right of action in several states.

17-tab architecture:

Cover → Dashboard → State Coverage Matrix → Applicability Assessment → DSR Log → Consent Management → Data Inventory → ADMT Register → Breach Notification → Vendor Data Flows → Privacy Notice Tracker → Policy Register → Training Log → Enforcement Reference → State-Specific Addenda → GPC Implementation → CPPA ADMT Tracker

State Coverage Matrix — 20-state wave table mapping each state's effective date, thresholds, opt-out mechanisms, and unique requirements. Includes the four complexity drivers with implementation callouts.

DSR Log — tracks all data subject requests with state-specific response window enforcement (45 days CA, 45 days VA, 45 days CO, 60 days MD). Overdue conditional formatting per applicable deadline.

ADMT Register — covers California ADMT rulemaking and MODPA's explicit consent requirement for automated profiling. Pre-seeded with common ADMT scenarios: hiring screening, credit scoring, insurance underwriting, content personalization.

Teal palette — visually distinct from the blue/indigo GDPR workbook. Buyers targeting both EU and US residents get two visually distinguishable workbooks for transatlantic privacy compliance.

User Guide (34 pages): 20-state wave table, four complexity drivers, tab-by-tab walkthrough, operating cadence (daily/weekly/monthly/quarterly/annual + California attestation milestones), three worked examples (Maryland deletion request, GPC implementation for California, ADMT for hiring decisions), enforcement reference with settlement patterns, and 10 FAQs covering small B2B coverage, DPIA vs PIA vs PRA, LLM use cases, and breach timelines.

What's included

  • Excel (.xlsx) — fully editable
  • Word (.docx) — User Guide — fully editable
  • Instant download after purchase
  • Free updates — re-download when we release new versions
  • Practitioner License: unlimited client use (vCISO / MSP)

  • Secure checkout via Stripe
  • All major cards accepted
  • 30-day satisfaction guarantee

Version: 1.0
Last updated: 2026-04-23
Workbook tabs: 17