All Episodes
Displaying 81 - 98 of 98 in total
Episode 81 — Data Protection Agreements: Contracts and Assessments
Contracts are central to ensuring compliance with state privacy laws. This episode explains how data protection agreements define the obligations between controllers a...
Episode 82 — State Security Requirements: Common Controls Across Jurisdictions
Most state privacy laws include explicit security requirements. This episode reviews common obligations such as implementing reasonable safeguards, risk-based controls...
Episode 83 — Health Data Rules: WA MHMD, NV Health Data Act, and IL GIPA
Beyond HIPAA, states have introduced new health data privacy statutes. This episode explores Washington’s My Health My Data Act (MHMD), Nevada’s Consumer Health Data P...
Episode 84 — Cookies and Tracking: Online Privacy Regulations
State laws increasingly regulate cookies, pixels, and online tracking. This episode explains how transparency, consent, and opt-out obligations apply to digital advert...
Episode 85 — Biometric Privacy: IL BIPA, WA, TX, and Related Statutes
Biometric privacy laws impose strict requirements on collecting and using data such as fingerprints, facial recognition, and iris scans. This episode covers the Illino...
Episode 86 — AI Bias and ADM: NAIC AIS Guidelines, NYC AEDT, and State Rules
Automated decision-making (ADM) and artificial intelligence raise fairness and discrimination concerns. This episode introduces the NAIC Artificial Intelligence Govern...
Episode 87 — California CCPA/CPRA: Comprehensive Consumer Privacy Framework
California remains the leader in state privacy law. This episode reviews the California Consumer Privacy Act (CCPA) and its amendment through the California Privacy Ri...
Episode 88 — California AADC: Age-Appropriate Design Code Protections
Children’s privacy receives special attention in California’s Age-Appropriate Design Code Act (AADC). This episode explains its requirements for online services likely...
Episode 89 — California Delete Act: Data Broker Registration and Rights
The California Delete Act introduces obligations for data brokers, requiring them to register and enabling consumers to request deletion of their data from all registe...
Episode 90 — Virginia CDPA: Consumer Data Protection Act Essentials
Virginia’s Consumer Data Protection Act (CDPA) established one of the first comprehensive state privacy frameworks outside California. This episode reviews its applica...
Episode 91 — Colorado Privacy Act: Rights, Duties, and Insurance Bias Provisions
Colorado’s Privacy Act builds on the momentum from California and Virginia, offering a comprehensive framework with unique twists. This episode reviews its applicabili...
Episode 92 — Other State Acts: Emerging Comprehensive Privacy Laws
Beyond California, Virginia, and Colorado, many states are adopting or considering comprehensive privacy laws. This episode surveys these developments, highlighting fe...
Episode 93 — Enforcement Mechanics: Cure Periods and Penalties
Enforcement provisions determine how state privacy laws are applied in practice. This episode explains cure periods, which give businesses time to fix violations befor...
Episode 94 — Breach Notification: Definitions, Triggers, and Scope
State breach notification laws form one of the most uniform yet varied areas of privacy law. This episode reviews the common elements—definitions of personal informati...
Episode 95 — State Variations: Comparing Notification Timelines and Duties
Even within the common framework of breach notification, state differences matter. This episode compares notification timelines, which can range from “without unreason...
Episode 96 — Recent Changes: Pennsylvania SB 696 and Utah S.B. 127
State privacy laws continue to evolve. This episode reviews recent changes, such as Pennsylvania SB 696, which updated breach notification requirements, and Utah S.B. ...
Episode 97 — Cross-Domain Comparison: Federal, State, and International Overlaps
The final episode ties everything together by comparing U.S. federal privacy laws, state-level frameworks, and international regimes like the GDPR. We’ll highlight how...