U.S. State Data Protection Laws

Print Version

Baker Donelson's Data Protection, Privacy and Cybersecurity attorneys have extensive experience helping our clients comply with data privacy and security laws in the U.S.

Practice Overview

The evolving landscape of state privacy and security laws has far-reaching consequences for businesses across the country. Although many state law requirements are similar, each state has adopted unique requirements. As a result, businesses must continue to review their data-related activities and develop a holistic strategy to address both legal risk and operational concerns.

Baker Donelson's Data Protection, Privacy, and Cybersecurity attorneys have extensive experience helping our clients comply with data privacy and security laws across the United States. Our team members work with clients to develop practical compliance strategies and understand how these laws impact their business, ensuring they stay updated with privacy laws and the latest regulatory changes and requirements in all states.

Our team of privacy attorneys works with clients across industries to assist in:

Strategic planning with respect to data inventory and mapping
Compliance readiness assessments, including privacy and data security gap assessments
Preparation of privacy notices
Compliance program development, implementation and training
Risk management, including vendor diligence and contracting
Identifying, engaging, and managing IT consultants and solutions

We advise clients in all industry sectors, including:

Advertising, marketing, and digital media
Financial services/wealth management
Health care
Hospitality
Human resource services including employee benefit providers
Manufacturing, including automotive
Professional services organizations
Real estate
Retail and eCommerce
Software and Software-as-a-Service providers

Assisted national eCommerce and brick-and-mortar retailers in developing strategic plans with respect to data inventory and mapping activities.
Worked with international data and analytics company and national laboratory company to determine applicability of state privacy requirements based upon their operations.
Prepared revised privacy notices for retailers, distributors, and software companies.
Assisted online retailers with strategies regarding targeted advertising and cross-context behavioral advertising.
Counseled national commercial financing company with respect to data privacy preparedness planning.
Worked with health care vendors to address the interplay of individual rights afforded under state privacy laws and those provided under HIPAA.
Worked with national automobile company to develop strategic plans for state privacy laws and vendor contracting.
Counseled national investment management company on state privacy law applicability to multiple business operations.

"Location Data Practices Targeted by California Lawmakers and Regulators" (March 2025)
"The Colorado AI Act Shuffle: One Step Forward, Two Steps Back," republished in CPO Magazine (February 2025)
"Best Practices for Protecting Operations from Vendor's Cyber Incidents" (October 2024)
"Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
"Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199" (October 2023)
"Privacy Reset in 2023: Effective January 1: What Employers Need to Know About Additional Rights in the California Privacy Rights Act," republished January 10, 2023, in the Los Angeles Daily Journal (January 2023)
"New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
"California Privacy Law Update: CCPA Amendments Announced and CPPA Board Members Appointed," republished April 8, 2021, in Corporate Compliance Insights (March 2021)
"How California's New(er) Privacy Legislation Will Affect U.S. Businesses," republished November 18, 2020, in Corporate Compliance Insights (November 2020)
"CCPA Final Regulations Submitted – What Does Your Business Need To Do?" (June 2020)
"Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
"California Privacy Regulations Released: Guidance and the Addition of New Requirements" (October 2019)

The CPRA is On the Way: What Your Financial Institution Needs to Do (November 2022)
What to Do in 2022 – Privacy and Data Protection for the New Year (January 2022)
The California Privacy Rights Act and Financial Institutions (March 2021)
California Consumer Privacy Act Essentials for Broker-Dealer and Investment Advisory Firms (December 2019)
California Consumer Privacy Act Essentials for Financial Institutions (November 2019)

Baker Donelson's Vivien F. Peaden and Alexandra P. Moylan Earn AI Governance Professional Certification (June 4, 2024)
Baker Donelson's Matt White Earns Certified Information Privacy Technologist Certification (August 30, 2022)
Baker Donelson Continues to Expand Its Technology & Privacy Practice with Addition of Vivien F. Peaden in Atlanta Office (August 4, 2021)
Baker Donelson's Alex Koskey Earns Payment Card Industry Professional Certification (May 17, 2021)
Baker Donelson's Matt White Earns Payment Card Industry Professional Certification (March 22, 2021)
Baker Donelson's Andrew J. Droke Earns Information Privacy Certification (July 16, 2020)

Alisa Chestler Quoted in Part B News on How Proposed HIPAA Rule May Mean 'Addressable' Measures Are 'Required' (January 20, 2025)
John Ghose Interviewed by Information Week on Nation-State Threats in Wake of U.S. Treasury Breach (January 9, 2025)
Alisa Chestler Talks with Part B News About Fax Phishing Scams in Health Care (July 8, 2024)
Matt White Discusses Use of AI Tools in Anti-Money Laundering Compliance in Global Association of Risk Professionals (November 10, 2023)
Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
Alex Koskey Comments on SEC's Cybersecurity Rules in Communications of the ACM (October 19, 2023)
Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
Matt White Comments on How Speed Complicates Real-Time Payment Anti-Fraud Protections in Global Association of Risk Professionals (June 16, 2023)
John Ghose Discusses Impact of MOVEit Transfer Breach on Payroll Provider Zellis in Information Week (June 8, 2023)
In Commercial Factor Q&A, Alex Koskey and Matt White Discuss Risks and Rewards of Utilizing AI in Financial Services (April 20, 2023)
Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
Law360 Highlights Addition of Vivien Peaden to Firm's Privacy and Technology Practice (August 5, 2021)
Alisa Chestler Comments on Recent OCR Right of Access Settlements in Hospital Access Management (November 10, 2020)
Alisa Chestler Featured on AUA Inside Tract Podcast on Understanding COVID-19 HIPAA Relief Provisions for Telehealth (March 31, 2020)
Alisa Chestler Discusses Continued Emphasis on Cybersecurity and Data Privacy Law During 2020 in Law360 (January 1, 2020)
Alisa Chestler Featured on HealthcareInfoSecurity Discussing Data Privacy and Security Trends (November 13, 2019)

The CPRA is On the Way: What Your Financial Institution Needs to Do (November 9, 2022)
What to Do in 2022 – Privacy and Data Protection for the New Year (January 28, 2022)
California Consumer Privacy Act Essentials for Broker-Dealer and Investment Advisory Firms (December 10, 2019)
California Consumer Privacy Act Essentials for Financial Institutions (November 12, 2019)

Key Contacts

Alexander F. Koskey, CIPP/US, CIPP/E, PCIP

T: 404.443.6734

Email Professional

Andrew J. Droke, CIPP/US

T: 615.726.7365

Email Professional

Vivien F. Peaden, AIGP, CIPP/US, CIPP/E, CIPM, PLS

T: 678.406.8722

Email Professional

View All Professionals in this Practice

U.S. Consumer Data Privacy Law Guides

Related Practices

Featured Media

Location Data Practices Targeted by California Lawmakers and Regulators

Publication / March 14, 2025

The Colorado AI Act Shuffle: One Step Forward, Two Steps Back

Publication / February 11, 2025

Alisa Chestler Quoted in Part B News on How Proposed HIPAA Rule May Mean 'Addressable' Measures Are 'Required'

News / January 20, 2025

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 24 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.

U.S. State Data Protection Laws

Practice Overview

Key Contacts

Related Practices

Featured Media

Search By Last Name

Email Disclaimer