• videocam On-Demand Webinar
  • signal_cellular_alt Intermediate
  • card_travel Cybersecurity and Data Privacy
  • schedule 90 minutes

Data Risk Assessments Under U.S. Privacy Laws: Purpose, Requirements, Elements, Operationalizing the Process

$297.00

This course is $0 with these passes:

CLE
ALL
  1. keyboard_arrow_leftBack

About the Course

Introduction

This CLE webinar will discuss data risk assessment requirements and risks under U.S. data privacy laws. The panel will walk through the completion of various aspects of a privacy risk assessment and provide helpful tips and resources for making assessments more efficient and effective.

Description

Many state privacy laws require, or will soon require, companies to carry out assessments—referred to as data protection assessments, risk assessments, or DPIAs. These requirements extend to "high risk" activities or those that involve a "heightened risk of harm," including, in most cases, targeted advertising, sale of personal information (PI), and processing sensitive data, among many other things.

Risk assessments generally should include: a summary of the processing activity, a description of the personal data involved, the context and purpose of processing the data, a risk-benefit analysis, measures taken to mitigate risks, and identification of external and internal actors involved in processing the data. Some states have very specific additional requirements enumerated by law that must also be included in a risk assessment. Thus, it is imperative that each state's specific laws are reviewed before conducting and completing a risk assessment.

The assessment documentation must be available for review by regulators, and some states, including California, currently require or will soon require risk assessments (or summaries thereof) to be filed with the state and updated within prescribed timeframes. This means that companies subject to the applicable state privacy laws need to develop or refine their data inventory and assessment practices as a top priority in 2026 to be prepared for state enforcement of these requirements.

Listen as our authoritative panel of privacy experts reviews the current state laws governing privacy assessment requirements and risks and provides guidance to assist clients in developing risk assessment protocols and policies that address the nuanced requirements of the various state laws.

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.


  • Live Online


    On Demand

Date + Time

  • event

    Wednesday, February 25, 2026

  • schedule

    1:00 PM E.T.

I. Overview: What is a data risk assessment, and what is its purpose

II. Determining when a data risk assessment is required or advisable under state consumer privacy laws

III. Key elements of a data risk assessment

IV. Timeframe for conducting and documenting a risk assessment

V. Updating and maintaining risk assessments

VI. Requirements for filing or disclosing assessments with state regulators

VII. Preparing for California audit requirements

VIII. Tools and resources available to operationalize risk assessments for greater efficiency and effectiveness

IX. Practitioner pointers and key takeaways

The panel will discuss these and other key considerations:

  • When is a risk assessment required or advisable in most states?
  • What information is required to be included in a risk assessment?
  • When must risk assessments be conducted and updated, and how long should they be maintained?
  • What are the requirements for filing or disclosing risk assessments to state regulators?
  • What resources and tools are available to operationalize risk assessments for greater efficiency and effectiveness?