U.S. State Data Protection Laws

Results may vary depending on your particular facts and legal circumstances.

• Assisted national eCommerce and brick-and-mortar retailers in developing strategic plans with respect to data inventory and mapping activities.

• Worked with international data and analytics company and national laboratory company to determine applicability of state privacy requirements based upon their operations.

• Prepared revised privacy notices for retailers, distributors, and software companies.

• Assisted online retailers with strategies regarding targeted advertising and cross-context behavioral advertising.

• Counseled national commercial financing company with respect to data privacy preparedness planning.

• Worked with health care vendors to address the interplay of individual rights afforded under state privacy laws and those provided under HIPAA.

• Worked with national automobile company to develop strategic plans for state privacy laws and vendor contracting.

• Counseled national investment management company on state privacy law applicability to multiple business operations.

• "T-Minus Two Months: Another State Enters the National Stage – Preparing for the Tennessee Information Protection Act," republished in the Daily Report (May 2025)
• "Recent CCPA Decision Portends Potential Expansion of Class Action Liability Exposure For Cookies, Pixels, and Tracking Technologies," republished in Law360 (May 2025)
• "Location Data Practices Targeted by California Lawmakers and Regulators," republished in FinTech Law Report (March 2025)
• "The Colorado AI Act Shuffle: One Step Forward, Two Steps Back," republished in CPO Magazine (February 2025)
• "Best Practices for Protecting Operations from Vendor's Cyber Incidents" (October 2024)
• "Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
• "Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199" (October 2023)
• "Privacy Reset in 2023: Effective January 1: What Employers Need to Know About Additional Rights in the California Privacy Rights Act," republished January 10, 2023, in the Los Angeles Daily Journal (January 2023)
• "New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
• "California Privacy Law Update: CCPA Amendments Announced and CPPA Board Members Appointed," republished April 8, 2021, in Corporate Compliance Insights (March 2021)
• "How California's New(er) Privacy Legislation Will Affect U.S. Businesses," republished November 18, 2020, in Corporate Compliance Insights (November 2020)
• "CCPA Final Regulations Submitted – What Does Your Business Need To Do?" (June 2020)
• "Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
• "California Privacy Regulations Released: Guidance and the Addition of New Requirements" (October 2019)

• The CPRA is On the Way: What Your Financial Institution Needs to Do (November 2022)
• What to Do in 2022 – Privacy and Data Protection for the New Year (January 2022)
• The California Privacy Rights Act and Financial Institutions (March 2021)
• California Consumer Privacy Act Essentials for Broker-Dealer and Investment Advisory Firms (December 2019)
• California Consumer Privacy Act Essentials for Financial Institutions (November 2019)

• Baker Donelson's Matthew G. White Earns AI Governance Professional Certification (April 9, 2025)
• Baker Donelson's Vivien F. Peaden and Alexandra P. Moylan Earn AI Governance Professional Certification (June 4, 2024)
• Baker Donelson's Matt White Earns Certified Information Privacy Technologist Certification (August 30, 2022)
• Baker Donelson Continues to Expand Its Technology & Privacy Practice with Addition of Vivien F. Peaden in Atlanta Office (August 4, 2021)
• Baker Donelson's Alex Koskey Earns Payment Card Industry Professional Certification (May 17, 2021)
• Baker Donelson's Matt White Earns Payment Card Industry Professional Certification (March 22, 2021)
• Baker Donelson's Andrew J. Droke Earns Information Privacy Certification (July 16, 2020)

• Vivien Peaden Talks with Daily Report About Being Elected a Firm Shareholder (May 2, 2025)
• Alisa Chestler Quoted in Part B News on How Proposed HIPAA Rule May Mean 'Addressable' Measures Are 'Required' (January 20, 2025)
• John Ghose Interviewed by Information Week on Nation-State Threats in Wake of U.S. Treasury Breach (January 9, 2025)
• Alisa Chestler Talks with Part B News About Fax Phishing Scams in Health Care (July 8, 2024)
• Matt White Discusses Use of AI Tools in Anti-Money Laundering Compliance in Global Association of Risk Professionals (November 10, 2023)
• Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
• Alex Koskey Comments on SEC's Cybersecurity Rules in Communications of the ACM (October 19, 2023)
• Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
• Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
• Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
• Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
• Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
• Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
• Matt White Comments on How Speed Complicates Real-Time Payment Anti-Fraud Protections in Global Association of Risk Professionals (June 16, 2023)
• John Ghose Discusses Impact of MOVEit Transfer Breach on Payroll Provider Zellis in Information Week (June 8, 2023)
• In Commercial Factor Q&A, Alex Koskey and Matt White Discuss Risks and Rewards of Utilizing AI in Financial Services (April 20, 2023)
• Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
• Law360 Highlights Addition of Vivien Peaden to Firm's Privacy and Technology Practice (August 5, 2021)
• Alisa Chestler Comments on Recent OCR Right of Access Settlements in Hospital Access Management (November 10, 2020)
• Alisa Chestler Featured on AUA Inside Tract Podcast on Understanding COVID-19 HIPAA Relief Provisions for Telehealth (March 31, 2020)
• Alisa Chestler Discusses Continued Emphasis on Cybersecurity and Data Privacy Law During 2020 in Law360 (January 1, 2020)
• Alisa Chestler Featured on HealthcareInfoSecurity Discussing Data Privacy and Security Trends (November 13, 2019)

• The CPRA is On the Way: What Your Financial Institution Needs to Do (November 9, 2022)
• What to Do in 2022 – Privacy and Data Protection for the New Year (January 28, 2022)
• California Consumer Privacy Act Essentials for Broker-Dealer and Investment Advisory Firms (December 10, 2019)
• California Consumer Privacy Act Essentials for Financial Institutions (November 12, 2019)