Modern state privacy statutes require that organizations provide individuals with the ability to opt out of targeted advertising. While the substance of the opt-out right is similar between and among states, state statutes differ in how they mandate the conveyance of the opt-out right. While all state statutes require that an explanation of the right

Modern state privacy laws have attempted to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. The specific thresholds used, however, differ between states. The following provides a comparison of the thresholds that each statute creates for organizations that are subject to regulatory compliance obligations:

All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners. Most modern privacy statutes recognize, however, that privacy risks are reduced when the third party is related to the organization from which the data originates. As the following chart

Please join David Zetoony, U.S. Co-Chair of the Data, Privacy & Cybersecurity Group, and Associate Karin Ross for the CLE webinar “An Overview of New State Privacy Laws: CCPA/CPRA, CPA, CTDPA, UCPA, and VCDPA” on Tuesday, May 24 at 10:00 a.m. PT.

The webinar will provide an overview of the modern state data

While United States statutes that require privacy notices differ in terms of what they require to be included within a privacy notice, none mandate that an organization disclose the fact that information may be shared as part of a merger or acquisition.[1] That said, in 2000 the Federal Trade Commission (FTC) took the position