Vault Door

Key Takeaways from "2025 Privacy Overview: How to Ensure Compliance and Reduce Business Risk"

Coblentz partner Scott Hall and members of the Coblentz Data Privacy Team presented “2025 Privacy Overview: How to Ensure Compliance and Reduce Business Risk” on October 21, 2025. The team discussed the global and U.S. AI legal landscape, provided an overview of U.S. state privacy laws, updates related to children’s privacy and health data privacy, 2025 privacy litigation trends related to the Video Privacy Protection Act (VPPA), the California Invasion of Privacy Act (CIPA), and California’s SB 690, and summarized regulatory enforcement actions.

Key Takeaways

Proactive Privacy Governance Is Now a Legal Imperative

Businesses should develop a unified privacy governance framework that harmonizes obligations across state, federal, and international laws. Fragmented compliance efforts create operational risk and regulatory exposure, especially as new state privacy laws (now in 20 states) expand enforcement. Embedding privacy impact assessments into product and vendor workflows is essential.

Contracts Are the Front Line for Risk Allocation

Businesses should tighten data processing agreements, vendor clauses, and cross-border transfer mechanisms. In-house teams should review indemnity and liability provisions related to data breaches, confirm that vendors meet equivalent security standards, and ensure ongoing audit rights. “Paper compliance” can be a recurring pitfall as documentation must reflect actual practice.

Incident Response Readiness and Documentation Drive Defensibility

Businesses should ensure that incident response plans are legally defensible and not just operationally sound. This includes maintaining privileged documentation, conducting post-incident reviews, and aligning notification procedures with each jurisdiction’s timing requirements. Regulators are now assessing whether response documentation shows “reasonable security practices” in action.

If your company needs assistance with any privacy issues, Coblentz Data Privacy & Cybersecurity attorneys can help. Please contact Scott Hall at shall@coblentzlaw.com for further information or assistance.

To view the recording of our 2025 Privacy Overview webinar, please click here.

To view our 2025 Privacy Developments Action Item Checklist, please click here.