BarbriSFCourseDetails
  • videocam On-Demand
  • signal_cellular_alt Intermediate
  • card_travel Corporate Law
  • schedule 90 minutes

New State Data Privacy Laws in 2025: Corporate Counsel Compliance Guidance

$297.00

This course is $0 with these passes:

CLE
ALL
  1. keyboard_arrow_leftBack
BarbriPdBannerMessage

Description

Currently, there is no omnibus federal privacy law in effect in the United States--only issue- or industry-related laws such as the Gramm-Leach-Bliley Act for financial institutions, HIPAA for healthcare, and COPPA for children online. Instead, privacy laws consist of a patchwork of myriad state laws with ever-growing complexity.

In 2025, new privacy laws in Delaware, Iowa, Nebraska, New Hampshire, and New Jersey became effective in January; and in Tennessee, Minnesota, and Maryland, comprehensive privacy laws are scheduled to go into effect later this year. Indiana, Kentucky, and Rhode Island join in 2026. These privacy laws define "personal data" broadly, and there are some material differences between them as to obligations and rights. Some states' laws borrow key terms and definitions from the EU General Data Protection Regulation and others from the California regime. All give residents more control over their personal data, especially regarding third-party disclosures and use for advertising.

Effective Jan. 1, 2023, the California Privacy Rights Act (CPRA) amended and broadened the California Consumer Privacy Act passed in 2020. The CPRA is the only one of the comprehensive state privacy laws in the U.S. to date that includes a limited private right of action. The CPRA also created a new enforcement and rulemaking body, the California Privacy Protection Agency. In October 2023, California also passed the Delete Act, which allows consumers to request the deletion of their personal information from all data brokers; and in February the public comment period closed on a draft of new generation of California regulations on automated decision making/profiling/AI, risk assessments, cybersecurity audits and amendments to the existing regulations.

Given the evolving patchwork of laws and regulations, there are significant differences that every enterprise and its counsel should be aware of in the event they meet applicable jurisdictional thresholds and process personal data in those states. It is critical to have thorough knowledge of which state privacy laws apply, how to comply, and ways to avoid regulatory investigations to minimize costly claims and business disruption.

Listen as our distinguished panel of attorneys guides counsel with respect to the requirements, similarities, and differences of recent state privacy laws. The panel will also offer best practices for minimizing data privacy and protection risks and proactive measures for data handling in anticipation of future corporate compliance obligations as additional state laws, and/or a federal law, may emerge.

Presented By

Alan L. Friel
Partner, Chair Data Privacy, Cybersecurity & Digital Assets Practice
Squire Patton Boggs

Mr. Friel is a thought leader in digital media, intellectual property, data privacy and protection, and consumer protection law, with over three decades of relevant experience to address the intersection of law and technology.

Having served as a general counsel for several years in the late 1990s before returning to private practice, he has the necessary expertise to advise clients on making practical and informed business decisions and help companies and entrepreneurs navigate the complex opportunities created by disruptive technology. With his in-house and private practice experience, Mr. Friel assists clients with creating data inventories, and information governance and data privacy and security programs. He has been helping shape law and public policy regarding digital media since he was the Sherwood Shafer Fellow at the American Civil Liberties Union from 1992-1994, addressing the potential benefits and risks of the then emerging Internet, and has made the evolution of data technologies, and corresponding regulation, the focus of his legal practice.


expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Sam E. Marticke
Associate
Parent: Squire Patton Boggs

Mr. Marticke is an Associate in the Data Privacy, Cybersecurity & Digital Assets Practice Group. He also represents clients in a variety of complex litigation cases in state and federal courts. Mr. Marticke graduated from the Georgia State University College of Law summa cum laude and Order of the Coif. While in law school, he served as legislation editor of the Georgia State University Law Review and as a member of the moot court team. Mr. Marticke also worked as a legal extern for Senior US District Judge Amy Totenberg and interned for the US attorney’s office in the Northern District of Georgia, where he helped prosecute complex fraud cases. 

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Colleen M. Yushchak
Senior Managing Director
Ankura Consulting Group, LLC

Ms. Yushchak has over 20 years of experience in technology and litigation consulting, including compliance consulting relating to EU privacy and data protection laws (including, but not limited to, the GDPR), e-discovery and litigation support, cyber breach, change management, and information governance.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.


  • Live Online


    On Demand

Date + Time

  • event

    Thursday, April 17, 2025

  • schedule

    1:00 p.m. ET./10:00 a.m. PT

  1. U.S. state data privacy laws and recent developments
    1. New data subject rights and company obligations and limitations
    2. Data minimization and retention limitations
    3. Advertising and cookies
    4. Data disclosures to vendors and others
    5. Security
  2. The game-changing nature of the new CA regulations
    1. ADMT/Profiling/AI,
    2. Evaluations and Assessments
    3. Cybersecurity Audits
    4. Material amendments to existing regulations
  3. Approaches and Best Practices for Compliance and Information Governance

The panel will cover these and other important issues:

  • What are some of the similarities and differences between the new crop of U.S. state privacy laws and between the state laws?
  • What are the benefits of conducting a data protection impact assessment, and what is required and when?
  • The pros and cons of setting a highwater mark rather than treating residents based on what is required in their state
  • How to practically prioritize company data privacy compliance efforts to minimize risk