Businesses forced to comply with a patchwork of state and global privacy rules have turned what was once a cottage industry focused on data and privacy into a multi-billion-dollar sector.

Why it matters: As COVID-19 pushed consumers online in droves, companies — from Fortune 500 firms to the corner coffee shop — had to grapple with how to legally handle personal data. The privacy-tech companies who know how to do it have been raking in the cash.

"Data is on its way to becoming a fairly regulated business, even though we don't have a national law yet," said Jules Polonetsky, CEO of the Future of Privacy Forum. "If you're a restaurant or even a school — and all of a sudden you're covered by one of these laws — you now have to assess and document that you're in compliance."

By the numbers: Consumers are more connected than ever, causing data flows to a wide variety of companies to grow exponentially.

• The average American household now has 25 connected devices, ranging from laptops, smartphones and smart TVs to gaming consoles, smart home devices and connected fitness machines, according to a Deloitte connectivity survey out today.
• 66% of households have smart home devices, per Deloitte.
• 70% of those who began shopping on their smartphones thanks to the pandemic plan to continue.

What's happening: The companies that help other companies process, maintain, and legally maximize use of consumer data are in high demand, and collectively need to mature, according to a Future of Privacy Forum report shared first with Axios.

• Some of the largest players — such as BigID and OneTrust — have multi-billion-dollar market caps on their own.
• Venture capital investment remains high: According to TechCrunch, about 207 privacy startups have together raised more than $3.5 billion in funding.
• Private equity firms are buying up smaller niche firms to provide suites of services to compete with the biggest companies.

These companies are increasingly becoming "platforms for risk management," per Polonetsky.

• The legal and reputational risks posed by data leaks and inappropriate uses of data are so great that they've become a board-level issue. And purchasing power has moved up the corporate ladder to chief technology officers and chief marketing officers — who control the biggest budgets.

What's next: By July 1, for the first time, under provisions of California's privacy law, companies buying or selling personal information of more than 10 million or more consumers have to be prepared to publish detailed records of consumer requests received the previous year.

What to watch: Privacy tech firms will likely merge or form joint ventures to provide the broadest set of services to big companies as regulations become more complex, according Tim Sparapani, lead author of the FPF report.

Go deeper:

• U.S. gets boxed in on privacy
• The EU privacy law's track record