Interested in training for your team? Click here to learn more

New State Data Privacy Laws in California and Other States: Corporate Counsel Compliance Guidance

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Thursday, March 30, 2023

Recorded event now available

or call 1-800-926-7926

This CLE webinar will brief corporate counsel on the compliance challenges and key differences with California's and other states' new privacy laws. The panel will also discuss effective strategies for managing the widening corporate data privacy risk landscape across territories.


Currently, there is no omnibus federal privacy law in effect in the United States--only issue or industry-related laws such as the Gramm-Leach-Bliley Act for financial institutions and COPPA for children online. Instead, privacy laws consist of a patchwork of various state laws with ever-growing complexity. In 2023, California, Virginia, Colorado, Connecticut, and Utah comprehensive state privacy laws are scheduled to go into effect along with several other states proposing legislation. All five privacy laws define "personal data" and "personal information" broadly and California now covers human resources and business-to-business data subjects in addition to traditional consumers. Virginia, Colorado, Connecticut, and Utah borrow some key terms and definitions from the EU General Data Protection Regulation and others from the California regime. All give residents more control over their personal data, especially regarding third-party disclosures and use for advertising.

The California Privacy Rights Act (CPRA) amends and broadens the California Consumer Privacy Act that was passed in 2020. The CPRA is the only one of the five state privacy laws that creates a private right of action, which is limited to certain data security incidents. it contains increased penalties for violations related to a minor's data. Also, CPRA creates a new enforcement and rulemaking body, the California Privacy Protection Agency. Both California and Colorado are actively promulgating regulations that add obligations and limitations beyond what the underlying laws require.

Although the other states' laws have similarities with the CPRA, there are significant differences that every company and its counsel should be aware of in the event they meet pertinent size and revenue thresholds and utilize personal data in those states. It is critical to have thorough knowledge of which state privacy laws apply, how to comply, and ways to avoid regulatory investigations to minimize costly claims and business disruption.

Listen as our distinguished panel of attorneys provides guidance to counsel with respect to the requirements, similarities, and differences of recent state privacy laws. The panel will also offer best practices for minimizing data privacy and protection risks and proactive measures for data handling in anticipation of future corporate compliance obligations as additional states laws, and/or a federal law, may emerge.



  1. U.S. state privacy laws and recent developments
    1. New data subject rights and company obligations and limitations
    2. Data minimization and retention limitations
    3. Advertising and cookies
    4. Data disclosures to vendors and others
    5. Security
  2. Effective methods of compliance and data handling
    1. Data inventory and info governance
    2. Gap assessments and remediation plans
    3. Processor and third party management
  3. Workstream and checklist for data privacy risk preparedness


The panel will cover these and other important issues:

  • What are some of the similarities and differences with the new crop of U.S. state privacy laws and between them and data laws in Europe and other nations?
  • What are the benefits of conducting a data protection impact assessment, and when is it required?
  • How to practically prioritize company data privacy compliance efforts to minimize risk?
  • Attendees will receive summary materials and model workstreams


Friel, Alan
Alan L. Friel

Squire Patton Boggs

Mr. Friel is co-Chair of the firm’s Global Data Privacy, Cybersecurity & Digital Assets Practice. BTI has...  |  Read More

Jaworski, Myriah
Myriah V. Jaworski

Member, Data Privacy/Cyber Security Group
Clark Hill

Focusing her practice on the intersection of law and technology, Ms. Jaworski advises clients on enterprise-wide data...  |  Read More

Access Anytime, Anywhere

A savings of $148

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video