In this webinar, Alan will discuss these state laws and discuss best practices for how an organization that faces compliance across multiple states needs to inventory each states’ law, its requirements, and the organization’s data practices to determine what a compliance program will entail.
About the Webinar
At the Conexxus Annual Conference, General Counsel Alan Thiemann presented an updated matrix of state privacy/AI laws to provide a readily available means for a merchant or technology vendor to compare what compliance steps it should take based on where it is doing business and what types of personally-identifiable information it is collecting and processing. The current list of state consumer privacy laws now totals 21 and results in a complicated, nuanced structure, so an organization should consult with appropriate counsel to determine how to best pursue its legal options, including laws affecting loyalty programs.
In this webinar, Alan will discuss these state laws and discuss best practices for how an organization that faces compliance across multiple states needs to inventory each states’ law, its requirements, and the organization’s data practices to determine what a compliance program will entail.
This Matrix also includes information on how states are beginning to regulate artificial intelligence (AI) systems; only two states have adopted “stand alone” AI laws, while others have integrated some elements of AI regulation within their consumer privacy laws. This area of regulation promises to be very active in 2025 so Conexxus members, both retailers and vendors, should pay particular attention to how new state laws handle AI, either directly or indirectly.
DISCLAIMER: This Webinar and the Matrix are not intended to be, nor should they be, used as a determination of your legal rights or obligations. They are provided merely as aides for a Conexxus member to evaluate its compliance with applicable state consumer privacy/AI laws and regulations.
About the Speakers
Alan has served as General Counsel for Conexxus since October 1987. He currently is a principal in the firm of Conley Rose, P.C., a boutique IP firm with offices in Houston and Plano, Texas and Alexandria, VA.
Alan brings nearly 50 years of experience to the firm and manages the firm’s privacy/data security & testing practice, including advising clients on the evolving developments in US and international privacy, data security, and artificial intelligence laws and regulations. Alan also represented clients on a variety of business transactions, including complex international licensing and asset purchase transactions. He has also handled a host of federal and state regulatory and legislative matters involving education, employment, consumer payments., and privacy/cybersecurity.
In representing Conexxus, Alan focuses on retail technology antitrust/intellectual property issues affecting both Conexxus’ proprietary technology and ANSI/ISO standards development work. He has been active in the development of US National standards for the protection of financial and non-financial data, data breach notification, and privacy, as well as for EBT/SNAP (food stamp) transactions, the security of QR codes used for payments and identification, and the development of AI standards for financial services. Alan was a US delegate in the development of an XML version of payment card processing and an initial international standard for mobile payments.
Alan is a frequent speaker on privacy/security issues and has authored/edited various privacy publications.
Carolyn O’Neill is the Manager of Data Management at Maverik /Kum & Go. Carolyn has been with Maverik for 10 years working in data management, project management, operations, and accounting. She currently leads the privacy team at Maverik and is responsible for the execution of the privacy program.