Overview
There are now over a dozen newly enacted state privacy laws with varying requirements and exemptions. Many of these new rules overlap with existing state and federal obligations that are being enforced by different regulators with contrasting priorities.
In this webinar co-hosted with the Association of Corporate Counsel (ACC) Northeast Chapter, McDermott Partners Elliot Golding and Amy Pimentel were joined by Maureen Hernberg and John Vaughan to provide practical tips to build or supplement a compliance program to address the newly enacted state privacy laws and enforcement risks.
Top takeaways included:
- Prioritize compliance: Enforcement is increasing, especially with respect to “low-hanging fruit” that is externally visible (like privacy notice issues and the use of cookies and tracking technologies), privacy rights and sensitive data handling. Companies should reexamine their “external” compliance efforts and take steps to shore up other priority issues, such as conducting a cookie audit, practicing responding to a privacy request and engaging in a data mapping exercise.
- Do your homework. Scoping and harmonization across state privacy laws and other federal and industry-specific frameworks are key to creating workable solutions for your organization. Taking time to understand how all the laws applicable to your organization overlap and diverge will make building and updating compliance programs to cover additional laws more manageable. It can be helpful to consult individuals who have built these harmonized programs to get the benefit of benchmarking, practical tips and implementation insights.
- Educate your stakeholders. Successful programs require time (often more than expected) and resources. Educating key stakeholders is critical to facilitating efficient resource allocation and smart, risk-based decision-making.
