During this webinar, David Saunders and Andrew Chappell,  unpacked the latest legislative updates, compliance strategies, and risk management insights to help your organization stay ahead of laws and regulations that were enacted or passed in the 2024-2025 legislative cycle.

Top takeaways included:

1. State privacy laws continue to evolve. Compliance is not a “set it and forget it” task. While no state enacted a new, omnibus privacy law in 2025 yet, six states amended existing bills, significantly altering the scope of applicability, exemptions, and customer rights.  It is critical that businesses assess their compliance on a regular basis as the laws are changing frequently, and the compliance goal posts moving.
2. Data mapping remains critical for compliance. Companies must have a thorough understanding of where their data is coming from, where it is stored, and how it is being used to comply with the various state laws. This includes knowing the state of origin for the data, the purpose of the data collection, and any secondary purposes for which the data may be used. Effective data mapping is essential for managing the complexities of state privacy laws.
3. California’s CCPA regulations are coming. The California Privacy Protection Agency (CPPA) finalized amendments to the California Consumer Privacy Act (CCPA) regulations, which are expected to come into effect in Q4 2025. These changes include new requirements for privacy notices, consumer rights, and cybersecurity audits. Companies subject to CCPA must prepare for these changes by updating their privacy policies, service provider contracts, and more.
4. Age signal laws are emerging trends and may impose significant operational burdens. States like Louisiana, Utah, and Texas have passed app-based age signal laws that require app stores to disclose the age (or age category) of users downloading apps. App publishers that receive this information will have obligations not only under these state laws but may potentially have to rethink their Children’s Online Privacy Protection Act compliance obligations.
5. Federal privacy legislation remains unlikely in the near future. The likelihood of comprehensive federal privacy legislation passing is low.  In the absence of federal action, states continue to be the place to watch for ongoing legislative developments.