BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    Corporate Law

Date & Time
  • event Date

    Thursday, April 17, 2025

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00

This CLE webinar will brief corporate counsel on the compliance challenges and key differences with California's and other states' new privacy laws and regulations. The panel will also discuss effective strategies for managing the widening corporate data privacy risk landscape across territories.

Faculty

Alan L. Friel
Partner, Chair Data Privacy, Cybersecurity & Digital Assets Practice
Squire Patton Boggs

Mr. Friel is a thought leader in digital media, IP, data privacy and protection, and consumer protection law, with over three decades of relevant experience to address the intersection of law and technology. Having served as a GC for several years in the late 1990s before returning to private practice, Mr. Friel has the necessary expertise to advise clients on making practical and informed business decisions, and help companies and entrepreneurs navigate the complex opportunities created by disruptive technology. With his in-house and private practice experience, he assists clients with creating data inventories, and information governance and data privacy and security programs; developing and implementing policies and procedures for providing consumer data privacy transparency, choice and access; drafting and negotiating privacy and data security provisions for commercial contracts; evaluating privacy impact assessments; addressing data privacy and security issues in merger and acquisitions transactions; structuring personal data transfer arrangements (including cross-border, intracompany, sales and licenses, and disclosures that are exempt from, and/or comply with, certain legal restrictions); drafting and revising external and internal privacy and data security policies and procedures; and addressing complex intellectual property and consumer protection issues related to digital media, advertising and commerce, such as in connection with the development and deployment of artificial intelligence, tailored and targeted advertising practices, and digital transformation and data commercialization strategies. Mr. Friel is a sought-after speaker and is affiliated with UCLA as an assistant professor in a multidisciplinary project at the Graduate School of TV, Film and Digital Media, and is an adjunct professor at Loyola Marymount School of Law.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Colleen Yushchak
Senior Managing Director
Ankura Consulting Group, LLC

Ms. Yushchak has over 20 years of experience in technology and litigation consulting, including compliance consulting relating to EU privacy and data protection laws (including, but not limited to, the GDPR), e-discovery and litigation support, cyber breach, change management, and information governance.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Samuel E. Marticke
Associate
Squire Patton Boggs

Mr. Marticke is an Associate in the Data Privacy, Cybersecurity & Digital Assets Practice Group. He also represents clients in a variety of complex litigation cases in state and federal courts. Mr. Marticke graduated from the Georgia State University College of Law summa cum laude and Order of the Coif. While in law school, he served as legislation editor of the Georgia State University Law Review and as a member of the moot court team. Mr. Marticke also worked as a legal extern for Senior US District Judge Amy Totenberg and interned for the US attorney’s office in the Northern District of Georgia, where he helped prosecute complex fraud cases. 

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

Currently, there is no omnibus federal privacy law in effect in the United States--only issue- or industry-related laws such as the Gramm-Leach-Bliley Act for financial institutions, HIPAA for healthcare, and COPPA for children online. Instead, privacy laws consist of a patchwork of myriad state laws with ever-growing complexity.

In 2025, new privacy laws in Delaware, Iowa, Nebraska, New Hampshire, and New Jersey became effective in January; and in Tennessee, Minnesota, and Maryland, comprehensive privacy laws are scheduled to go into effect later this year. Indiana, Kentucky, and Rhode Island join in 2026. These privacy laws define "personal data" broadly, and there are some material differences between them as to obligations and rights. Some states' laws borrow key terms and definitions from the EU General Data Protection Regulation and others from the California regime. All give residents more control over their personal data, especially regarding third-party disclosures and use for advertising.

Effective Jan. 1, 2023, the California Privacy Rights Act (CPRA) amended and broadened the California Consumer Privacy Act passed in 2020. The CPRA is the only one of the comprehensive state privacy laws in the U.S. to date that includes a limited private right of action. The CPRA also created a new enforcement and rulemaking body, the California Privacy Protection Agency. In October 2023, California also passed the Delete Act, which allows consumers to request the deletion of their personal information from all data brokers; and in February the public comment period closed on a draft of new generation of California regulations on automated decision making/profiling/AI, risk assessments, cybersecurity audits and amendments to the existing regulations.

Given the evolving patchwork of laws and regulations, there are significant differences that every enterprise and its counsel should be aware of in the event they meet applicable jurisdictional thresholds and process personal data in those states. It is critical to have thorough knowledge of which state privacy laws apply, how to comply, and ways to avoid regulatory investigations to minimize costly claims and business disruption.

Listen as our distinguished panel of attorneys guides counsel with respect to the requirements, similarities, and differences of recent state privacy laws. The panel will also offer best practices for minimizing data privacy and protection risks and proactive measures for data handling in anticipation of future corporate compliance obligations as additional state laws, and/or a federal law, may emerge.

Outline

  1. U.S. state data privacy laws and recent developments
    • New data subject rights and company obligations and limitations
    • Data minimization and retention limitations
    • Advertising and cookies
    • Data disclosures to vendors and others
    • Security
  2. The game-changing nature of the new CA regulations
    • ADMT/Profiling/AI,
    • Evaluations and Assessments
    • Cybersecurity Audits
    • Material amendments to existing regulations
  3. Approaches and Best Practices for Compliance and Information Governance

Benefits

The panel will cover these and other important issues:

  • What are some of the similarities and differences between the new crop of U.S. state privacy laws and between the state laws?
  • What are the benefits of conducting a data protection impact assessment, and what is required and when?
  • The pros and cons of setting a highwater mark rather than treating residents based on what is required in their state
  • How to practically prioritize company data privacy compliance efforts to minimize risk