Drew Bagley, Sarah Beth Jansen, Tim Kurth

Proposed federal privacy bills captured much attention this summer as a potential consequential change in U.S. data regulation. However, five states recently have enacted new privacy laws that require businesses to implement risk-based security safeguards or risk facing fines. Many of these provisions will go into effect in 2023, and the scope is generally broader than similar security requirements that are already on the books in 23 states. Like the proposed federal bills, these new laws require organizations to implement “reasonable security” to protect data against breaches. This session will provide an overview of these new legal requirements and shed light on what “reasonable security” looks like in this era of ever-evolving cyber threats.

Drew Bagley, Vice President & Counsel, Privacy & Cyber Policy, Crowdstrike
Sarah Beth Jansen, Partner, Franklin Square Group
Tim Kurth, Chief Counsel, Consumer Protection & Commerce Subcommittee, House Energy & Commerce Committee – Minority


drew bagley
Drew Bagley

VP & Counsel, Privacy & Cyber Policy

Sarah Beth Jansen

Franklin Square Group

Tim Kurth

Chief Counsel, Consumer Protection & Commerce Subcommittee
House Energy & Commerce Committee – Minority