Advertising Law Tool Kit - Fourteenth Edition - 2026

Venable / 65 64 / Venable Privacy and Data Security — State Privacy Laws • Develop or update contracts with vendors as required under applicable laws. • Conduct employee training in your company on the current and forthcoming state privacy laws. • Stay up to date on developments to help your business adapt to the evolving state data privacy landscape. • Guidance from state regulators and enforcement actions can highlight areas where businesses should focus their compliance activities. Even if they are not subject to comprehensive state privacy laws, businesses may have privacy- and security-related legal obligations under other state laws, federal statutes, or contracts. The below questions are critical for assessing your business’s corporate privacy and security practices. If you answer yes to any of the first ten questions or no to the last two, consider engaging experienced privacy counsel: • Do you use information about customers for marketing or other purposes not related to the particular sale or transaction in which you collected the information? • Do you sell personal data about consumers that is not collected through a direct relationship with the consumer? • Do you collect and retain contact information from individuals when they interact with you? Is any consumer information collected via apps? • Do you ask visitors to your website to disclose their ages? Do you advertise to children online? Do you knowingly collect personal data from minors under the age of 18? • Do you process information that may be considered “sensitive” under state laws? Do you process or retain credit card information? Do you process or retain health-related information? • Do you have a privacy policy on your website or app? Is it outdated? • Do you provide services to companies subject to omnibus state privacy laws? • Do you conduct business with companies in the healthcare, financial services, video streaming, or telecommunications sectors? If so, do you process personal data about individuals when conducting business in these industries? • Do you monitor your employees in the workplace? • Do you collect, receive, or otherwise process personal data about customers, employees, vendors, or other residents of Europe or other foreign jurisdictions? Do you transfer personal data about European individuals to other jurisdictions? Do you transfer personal data about U.S. individuals to other jurisdictions? • Do you have an effective written security program designed to safeguard personal data with adequate technical, administrative, and physical protections? Do you conduct regular tests of your data security program and mitigate any vulnerabilities detected in such tests? • Do you have an effective response plan in place for data security incidents?