2022 Legal Guide to Privacy and Data Security


We are excited to announce publication of the 2022 version of the Lathrop GPM Legal Guide to Privacy and Data Security.

This Guide is a collaborative effort of Lathrop GPM and the State of Minnesota. The purpose of the Guide is to help businesses and organizations navigate the legal issues related to privacy and data security and covers the key federal, state, and global privacy laws, as well as best practices.

While we have not yet seen a comprehensive federal data privacy law, Virginia and Colorado followed California in passing new data privacy laws in 2021. Other states have legislative initiatives underway, and we are likely to see more states enacting data privacy laws this year.  Any business that collects personal information of Colorado, Virginia, or California residents will want to become familiar with these new laws.

Businesses should focus on the concepts that are consistent across most of the federal and state privacy bills/laws (data minimization, data subject rights, notice, and consent). Operationalizing these concepts and remaining flexible will allow businesses to adapt and comply with this ever-changing legal landscape.

In 2021 the European Commission issued new Standard Contractual Clauses (SCC’s) that can be used to transfer personal data from the EU in compliance with the GDPR. These SCC’s may now be the only legal mechanism available to a U.S. based business that collects, stores, or processes personal data of EU residents.

The Guide can be downloaded from the Minnesota Department of Employment and Economic Development website or our law firm website, here.   

We welcome your thoughts and comments as we will continue to update this Guide as necessary to keep current with the ever-changing privacy and data security laws.

Our team of experienced data privacy lawyers is available to help you navigate and comply with these new laws and regulations.