Beyond Compliance: Adapting Privacy Policies to Evolving Laws & Best Practices
DATA TRACK / CASE STUDY
ROOM 302-303 / APR. 8 / 9:45 AM - 10:10 AM
About this session
This session will provide IT professionals with a comprehensive guide to updating organizational privacy policies in response to the wave of new state privacy laws coming into effect. Designed to go beyond mere compliance, the presentation will focus on integrating modern best practices to update (or create) privacy policies that are both legally sound and user-centric. Attendees will gain practical insights into new key legal requirements from state laws such as the California Privacy Rights Act (CPRA) (2023), which updated the CCPA (2020), the Virginia Consumer Data Protection Act (VCDPA) (2023), the Iowa Privacy Rights Act (2025), and other emerging state frameworks.
The session will also delve into actionable strategies for implementing these changes, emphasizing the importance of aligning privacy policies with organizational data practices, user expectations, and current security standards. Through detailed explanations and real-world examples, participants will learn to identify gaps in their existing policies and design transparency mechanisms that comply with legal mandates while enhancing user trust. By the end of the session, attendees will leave equipped with practical tools and a roadmap for ensuring their privacy policies not only meet legal requirements but also reflect the best practices for privacy and data security in 2025 and beyond.
Key takeaways
1. Proactive Compliance: Understand the evolving landscape of state privacy laws and learn how to adapt an organization’s policies to stay ahead of legal requirements.
2. Actionable Strategies: Gain practical tools and step-by-step guidance for updating privacy notices and integrating user-friendly consumer notice mechanisms.
3. Modern Best Practices: Learn from real-world examples and case studies to create privacy policies that are both legally compliant and user-centric.
Speakers
Lee Henderson
Attorney
BrownWinick Law Firm
Lee Henderson is a member of BrownWinick specializing in business law and transactions, with specialized expertise in technology and information privacy and security. Having spent over seven years as a leader of a talented in-house legal team and officer of a top 50 property and casualty insurance company headquartered in Des Moines, Iowa, including three years as the enterprise privacy director, Lee understands firsthand the challenges of making decisions in a highly regulated environment with less than perfect information, but within budget, and on time.
Brian McCormac
Attorney
BrownWinick Law Firm
Brian S. McCormac is a member attorney at BrownWinick and is currently the Chair of the Recruiting Committee. Brian is actively involved in the firm’s Business and Corporate Law, Litigation, Intellectual Property, and Agribusiness practice groups. Brian assists clients with a wide range of legal concerns, including litigation, business transactions, compliance, and advertising and promotions.
Brian has a diverse background, which includes practicing at an AmLaw 50 firm, serving as corporate counsel for a multinational corporation, and acting as the general counsel for a water utility. Clients benefit from Brian’s ability to combine the attention to detail gained through working at a large law firm with the efficiency and practicality required of in-house attorneys.
Brian’s practice focuses on business and commercial transactions and litigation, as well as advertising, promotions and media law. Brian played a key role in the acquisition of several companies including a major international transaction. He also frequently drafts and reviews supply, distribution, non-disclosure, and technology and software license agreements.
Brian has been involved in significant antitrust litigation, including consumer class actions, and counsels clients on antitrust issues. While serving as in-house counsel, Brian developed and implemented an international antitrust compliance program and delivered antitrust training to key employees. Brian works with clients in various industries to structure lawful sweepstakes and promotions. He also reviews advertising material for compliance and claims substantiation. Brian also assists clients with data privacy, social media and e-commerce issues.
Brian has extensive commercial litigation experience, including defending clients in consumer fraud and products liability class actions. He also has successfully handled many eminent domain matters and trademark enforcement actions.
Stay Connected
Stay in-the-know on all things TAI including updates and announcements regarding the Iowa Technology Summit 2025.
Follow us on LinkedIn and X
Interested in Sponsorship Opportunities?
Amplify your brand and marketing efforts and reach new audiences.
Join us as a sponsor.
Sign Up For TAI News
Join our monthly newsletter covering new, events and ways to connect and engage with Iowa's vibrant technology community