Date/Time: Tuesday, November 16, 2:00 – 6:00 p.m. ET

The FCBA Privacy and Data Security Committee and the American Bar Association’s Forum on Communications Law will hold the 16th Annual Privacy & Data Security Symposium: “The Evolving Privacy Landscape in the Absence of Federal Legislation” on Tuesday, November 16 from 2:00 – 6:00 p.m. ET.  This program will be held virtually via the Zoom platform.

A comprehensive, omnibus privacy law has long been on the table in Congress, but it never seems to make it to the House or Senate floor.  While such legislation progresses in fits and starts, other government bodies have been flexing their authority to regulate the privacy practices of U.S. businesses. In the past few years, several states have passed omnibus privacy legislation or laws targeted to address specific privacy issues, and more are expected.  At the federal level, the Federal Trade Commission (FTC) has given increasing signals that it will take a more aggressive stance against consumer privacy harms.  Beyond the U.S.’s borders, other countries have started to follow the lead of the European Union in adopting comprehensive privacy laws.

These actions sometimes overlap, but often diverge, leaving businesses—and the legal professionals that serve them—reeling as they attempt to keep up.  This event will take a deeper dive into this evolving landscape, examining the latest developments in the states, at the FTC, and abroad and exploring how U.S. companies can implement policies and procedures that meet the expanding expectations of the varying regimes in the dynamic data ecosystem.

Click here to register.

If you are an ABA Forum on Communications Law member, please contact Elizabeth Hagerty at to register.

Click here to sponsor.  Sponsorship of the event is available for $1,000 and includes one complimentary registration for the symposium.  Sponsors cannot register online.

The FCBA has applied for 3.5 hours of MCLE credit from the VA Bar.  This program has not yet been approved.


2:00 – 2:05 p.m.         Welcome and Introduction
Chris Laughlin
, Associate, Kelley Drye & Warren LLP

2:05 – 2:15 p.m.         Keynote Address: Congressional Efforts to Establish a National Privacy Standard
Congresswoman Cathy McMorris Rodgers (R-WA), Ranking Member, House Energy and Commerce Committee

2:15 – 2:25 p.m.         Opening Remarks
S. Jenell Trigg, Member, and Chair, Privacy, Data Protection and Cybersecurity Practice, Lerman Senter PLLC

2:25 – 3:35 p.m.         Session I: How the FTC is Filling the Federal Privacy Law Void

In the absence of an omnibus federal privacy law, the FTC remains the leading arbiter of how companies must protect the privacy of consumers across the U.S.  With its new and incoming leadership, the agency seems poised to significantly expand its efforts, which could have substantial implications for businesses.  In March, the agency launched a new team to handle rulemakings, and the commissioners voted to streamline the FTC’s rulemaking procedures in July, which together are expected to smooth the way for comprehensive FTC privacy rules.  Agency leadership has also signaled that it will use its existing authority to enforce against unfair and deceptive acts and practices that harm consumer privacy before new rules are adopted.  Additionally, the FTC is expected to continue its robust enforcement of the Children’s Online Privacy Protection Act (COPPA) and its COPPA rules, which the agency may soon update.  This panel will explore these developments and what they mean for businesses and consumers.


Alan Butler, Executive Director and President of the Electronic Privacy Information Center (EPIC)

Jessica Lee, Partner, Chair, Privacy, Security & Data Innovations, Loeb & Loeb LLP

Rachel Nemeth, Senior Director, Regulatory Affairs, Consumer Technology Association

David Vladeck, A.B. Chettle, Jr., Professor of Law, Georgetown University Law Center


Chris Laughlin, Associate, Kelly Drye & Warren LLP

3:35 – 3:40 p.m.         Break

3:40 – 4:45 p.m.         Session II: The Growing Patchwork of State Privacy Laws

Without a comprehensive privacy law at the federal level, states have continued to consider and adopt laws to regulate privacy.  In 2018, California was the first state to adopt omnibus legislation:  the California Consumer Privacy Act (CCPA).  This was followed by the California Privacy Rights Act of 2020 (CPRA), approved by California voters that year.  In 2021, Virginia and Colorado followed suit by enacting their own omnibus privacy laws, which will go into effect in 2023.  In addition to these omnibus frameworks, targeted state privacy laws are affecting how companies do business, including laws that govern biometrics, online privacy, and ISP privacy.  State Attorneys General have been active implementing and enforcing their privacy laws, as well as unfair and deceptive acts and practices that affect consumer privacy.  As national companies contend with the growing patchwork of state privacy frameworks, this panel will discuss the various laws, rulemaking activity, enforcement trends, and legislative proposals that should inform an organization’s compliance strategies and planning.

Kate Goodloe, Senior Director, Policy, BSA | The Software Alliance

Stacey Gray, Senior Counsel, The Future of Privacy Forum

Ryan G. Kriger, Assistant Attorney General, Vermont Office of the Attorney General, Public Protection Division

Pooja Tolani, Associate Corporate Counsel, Microsoft

Yael Weinman, Vice President and Associate General Counsel – Privacy, Verizon


Kathleen Scott, Associate, Wiley

4:45 – 4:50 p.m.          Break

4:50 – 5:55 p.m.         Session III: Going Global—International Data Protection in a Connected World

International data privacy never rests.  International developments have started shaping the daily operations of U.S. businesses.  These data protection regimes leave companies mapping and assessing their data collection, use, and retention strategies.  Organizations conduct deep-dives to determine whether they can engage in cross-border data transfers.  Enforcement actions highlight each jurisdiction’s strategy along with the breadth of potential extraterritorial application.  Meanwhile, international laws and regulations are in a constant state of flux even as the U.S. carries on without comprehensive privacy legislation.  In August 2020, China passed its first omnibus data protection law, the Personal Information Protection Law (PIPL).  One month later, Quebec acted to modernize the protections of personal information with the digital age in mind.  At the same time, organizations will have until December 2022 to migrate to the new European Union Standard Contractual Clauses.  This panel will discuss the various laws and regulations impacting international data protection and how they impact decisions by American businesses, including cross-border data transfers, in the absence of U.S. federal privacy legislation or meaningful changes to how the U.S. government can access data.


Megan Gray, Principal, GrayMatters Law & Policy

Will Orlewicz, Principal, Relic Law

Cobun Zweifel-Keegan, Deputy Director, Privacy Initiatives, BBB National Programs


Jennifer Dukarski, Shareholder, Butzel Long

5:55 – 6:05 p.m.          Closing Remarks

Evelyn Remaley, Acting Assistant Secretary of Commerce for Communications and Information, National Telecommunications and Information Administration

6:05 p.m.                     Final Word and Thank You

Thanks to the FCBA/ABA Symposium Sponsors!

Consumer Technology Association (CTA)

Lerman Senter PLLC

Thanks to the ABA Passport Sponsors!

Arnold & Porter



Ballard Spahr

Bryan Cave Leighton Paisner

Davis Wright Tremaine



Holland & Knight

Jackson Walker

Katten Muchin Rosenman

Lincoln Bandlow Law


The E.W. Scripps Company

Sheppard Mullin

Shullman Fugate

University of Florida, College of Journalism and Communications

Venable LLP

Vinson & Elkins LLP




Register Online