Briefing on New State Data Privacy Laws with a Spotlight on Tennessee’s New NIST Privacy Framework-Related Affirmative Defense

A patchwork of state data privacy laws is quickly blanketing the country. In 2023 at least six newly enacted laws are being added to the existing privacy requirements across the states. These new laws add to the increasing complexity and challenges encountered by organizations as they navigate the legal environment. Our panel will discuss the latest on privacy happenings at the state level, including newly passed state privacy laws in Iowa, Indiana, Montana, Florida, Washington, and Tennessee and others. Of note, Tennessee is the first state to enact a privacy law that explicitly requires a written privacy program that “reasonably conforms” to the NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management. During our panel, you will learn how your organization can leverage the NIST Privacy Framework to build a robust privacy program to meet your compliance obligations.

Speakers

Michael Signorelli
Partner
Venable LLP

 

 

 

Michael Signorelli, co-chair of the Technology and Innovation Group, focuses his practice on advising and representing clients on issues related to data privacy and security. Mike regularly advises companies on compliance with relevant Internet, cybersecurity, advertising, and marketing regulations, as well as responding to data breaches. He represents clients in federal and state data-related legislative issues, rulemaking proceedings, and other matters before the Federal Trade Commission (FTC), Federal Communications Commission (FCC), Federal Election Commission (FEC), the U.S. Department of Commerce, and other U.S. federal and state agencies.

 

Jamie Danker
Senior Director of Cybersecurity and Privacy Services
Venable LLP

 

 

 

Jamie Danker combines her federal government and private sector experience to help clients build more trustworthy systems, products, and services through adoption of cybersecurity and privacy risk management practices. Jamie brings deep privacy, identity, and cybersecurity knowledge along with diverse perspectives from oversight, operational, and guidance organizations based on her prior roles in government and industry.

 

Allaire Monticollo
Associate
Venable LLP

 

 

 

Allaire Monticollo advises clients on U.S. and international privacy and security requirements. Allaire tracks and analyzes emerging legislation and advocates for clients in comment submissions to Congress, state attorneys general, and federal and state agencies. She also counsels trade associations and private companies on compliance with laws and regulations, including state data breach notification laws, the General Data Protection Regulation (GDPR), the Children's Online Privacy Protection Act (COPPA), and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).

 

Ivy Orecchio
Cybersecurity and Privacy Services Project Manager
Venable LLP

 

 

 

Ivy Orecchio draws on her experience delivering privacy services to federal, state, and local government entities to support clients in establishing privacy as a core value in their organization's unique identity. Ivy is experienced in privacy program management and design and regularly assesses the impact of privacy programs, identifying opportunities for growth, and recommending action items and other mitigation strategies to operationalize privacy. She has ample knowledge and experience with applying NIST guidance and a variety of privacy frameworks, including the AICPA Privacy Management Framework (formerly known as the Generally Accepted Privacy Principles or GAPP) and the NIST Privacy Framework.