As new omnibus privacy laws are enacted in the United States and abroad, businesses must confront the challenge of developing and adapting their privacy programs amidst a rapidly evolving legal landscape.

Compliance with data protection laws is becoming more complex as new laws and regulations are enacted around the world. In the United States alone, new omnibus privacy laws will go into effect next year in California, Colorado, and Virginia—and it is very likely that more states will follow suit. To help companies respond to this dynamic environment, Perkins Coie has created the Privacy Starter Kit.

The Privacy Starter Kit is a compilation of roadmaps, checklists, templates, and guidance documents designed to help our clients develop and maintain comprehensive privacy programs. The Privacy Starter Kit was built to address laws like the EU’s General Data Protection Regulation (GDPR), the California Privacy Rights Act of 2020 (CPRA), which amended the existing California Consumer Privacy Act of 2018 (CCPA), Virginia’s Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA). Among the resources provided are:

• Access to our proprietary data mapping tool, Data Navigator, which enables companies to take the foundational step of documenting and understanding their data practices.
• Roadmaps and compliance checklists that identify the various components of a compliant privacy program and enable clients to track their progress.
• Templates and guidance documents to help companies comply with various notice and consent requirements.
• Playbooks and templates to assist companies in establishing or adapting policies and procedures for addressing consumer rights requests (for example, requests to access, delete, or correct personal information).
• Guidance documents that explain more complex concepts, such as sales and sharing of data, financial incentives, profiling, sensitive personal information, and cross-border data transfers.
• Checklists to ensure data sharing agreements with service providers and other third parties contain legally required provisions.
• Templates that companies can use to build out internal privacy and security policies, procedures, and trainings.