Red Clover Advisors

As we pause to celebrate Thanksgiving, we’re reflecting on what we’re most grateful for—your unwavering support. We take pride in making privacy simple to understand and helping companies navigate this confusing privacy landscape. Your trust makes our work meaningful, and for that, we are grateful. From our table to yours, the entire team at Red Clover Advisors, wishes you a Happy Thanksgiving! May your day be filled with loved ones, laughter, and delicious food (including that second slice of pie!)

80% of companies say they are mostly prepared for 2025 privacy laws. (According to our recent webinar survey poll) To help companies solidify their readiness, we were SO grateful to host a webinar with David Stauss, Partner at Husch Blackwell. His insights were invaluable as we unpacked the complexities of 8 privacy laws taking effect in 2025. Here are some of the main takeaways: - Maryland’s groundbreaking privacy law shifts the burden from consumers to businesses with strict data minimization rules. Personal data collection must be "reasonably necessary," and sensitive data requires a "strictly necessary" standard. - Minnesota introduces first-of-its-kind requirements, such as mandatory data inventories and clear privacy program documentation, setting a new compliance benchmark. - Children’s privacy protections are expanding. Laws like Maryland’s Kids Code and New York’s Child Data Act introduce stricter consent rules for processing children’s data and require default privacy settings to offer a high level of privacy. - Cookie compliance is under the microscope. Regulators are focusing on dark patterns and ensuring cookies reject properly when users opt out. Regular audits are a must. - Data retention policies are no longer optional. Laws like Minnesota’s require businesses to document and justify data storage practices. Action tips for businesses: - Update or create a comprehensive data inventory to understand what kind of data you collect, how it’s used, and who you share it with or sell it to. - Conduct Privacy Impact Assessments (PIAs) to identify and mitigate privacy risks. Maryland has a unique PIA obligation—don’t overlook it. Review and update privacy notices to reflect any new data processing activities. - Create a cookie governance plan and audit and update your cookie consent banners to ensure compliance with evolving regulations. - Update or implement a privacy rights request process for handling consumer data access and deletion requests, as required under most privacy laws. - Create ongoing and engaging team training. Role-based training is great for educating teams on privacy rights, Privacy Impact Assessments (PIAs), and the nuances of state-specific privacy laws. We can help with all these things, and check out our complimentary privacy resources - including our just released 2025 Privacy Checklist: https://lnkd.in/gWBFjMtV And be sure to check out Husch Blackwell's super awesome privacy law trackers and blog: https://lnkd.in/ekVjY-m Missed the webinar? No worries! Watch our full webinar replay here: https://lnkd.in/gVcHaiMf

361.6 billion emails flood inboxes worldwide every day. (according to Forbes) Marketers collect more data than ever. It's a goldmine for campaigns—but a privacy minefield if mishandled. Because today's consumers demand transparency. And many privacy laws require companies to know exactly where their marketing data comes from and where it goes (among other things). Neglecting this isn’t just risky—it can erode trust, invite hefty fines, and harm your reputation. Yet companies often lack a clear view of everything marketing is doing. That’s not a surprise. Marketing is complex with so many moving pieces and parts. From email campaigns to targeted advertising and cookies and pixels…. We get it. It's a lot to manage. And we know this can be overwhelming for companies (because we help them with it all the time!) We also know marketers aren’t privacy experts. And they shouldn’t have to be. That’s why we created the 6 Steps to Privacy Compliance for Marketers Guide. It’s designed to help marketers: - Understand their data - Learn the privacy laws without the legal jargon - Manage cookies, pixels, and other digital trackers - Build campaigns that prioritize trust - + more! Written by a marketer and a privacy pro-for marketers like you... Think of this guide as your roadmap to privacy compliance. And it doesn't require an email to download! If you need help, contact us. We love helping companies build privacy-friendly marketing programs. In the meantime, download the guide here: https://lnkd.in/gmBmAgG5

Privacy by design shouldn't be a roadblock to innovation. But how do you make it work in practice? During a recent She Said Privacy/He Said Security podcast episode, Comcast's Chief Privacy & Data Strategy Officer Christin McMeley shared an innovative approach - privacy tabletops. Think of it as privacy impact assessments brought to life. By bringing together engineering, privacy, legal, and business teams early in the development process, organizations can: ? Identify potential privacy challenges before they become issues ? Build compliance into products from day one ? Navigate complex AI regulations proactively ? Transform privacy from a blocker into an enabler ? Create better products that customers trust With privacy laws multiplying and AI regulation evolving rapidly, companies need practical solutions that work today while preparing for tomorrow. Listen to the full episode to learn how privacy tabletops can help your organization build trust while moving at the speed of innovation: https://lnkd.in/g6jQ6MSw #PrivacyByDesign #DataPrivacy #Innovation #ResponsibleAI #PrivacyEngineering

Privacy operations can feel like an uphill battle. Whether you’re starting fresh or fine-tuning an existing program... It's easy to feel confused, unsure of where to begin or what’s next. That’s where Red Clover Advisors comes in. To simplify the process and give you the clarity you need. That's why you'll want to sign up for our complimentary five-part Fundamentals of Privacy Operations Series. Delivered straight to your inbox - it's designed to help you create a successful privacy program that works for your organization AND consumers. We’ll break down the ‘what,’ the ‘why,’ and the ‘how’ of the most fundamental elements of a privacy program, including: →Data Inventory →Privacy Rights Response →Privacy Notice →Privacy Risk Assessments →Third-Party Risk Management + A surprise bonus PLUS you can earn 6 IAPP CPE credits for completing the series! Level up your privacy game today and sign up today: https://lnkd.in/gQDzWFeH

Privacy laws like CCPA are challenging the First Amendment. As companies face rising costs and complex compliance requirements... Preparation makes all the difference. Companies can stay ahead by conducting privacy risk assessments and implementing data governance. Ready to learn how to tackle these challenges and position your business for success? Tune into the latest episode of She Said Privacy/He Said Security, as Jodi Daniels (Red Clover Advisors) and Justin Daniels (Baker Donelson) dive into the nuances of changing compliance requirements with Alan Friel, Chair of the Data Privacy, Cybersecurity & Digital Assets Practice at Squire Patton Boggs. They covered: ? How evolving privacy laws like the CCPA are reshaping compliance strategies ? The connection between privacy regulations and First Amendment challenges ? Why privacy risk assessments are essential for compliance and business success ? How businesses can proactively manage data to prepare for regulatory shifts ? Alan’s top personal privacy tip Key takeaways from their chat: 1?? Privacy compliance is a business enabler, not just a regulatory requirement 2?? Privacy risk assessments are vital to mitigating risks and supporting compliance 3?? Navigating the intersection of privacy laws and free speech requires clear governance strategies Want the full insights? Listen to the full episode here: https://lnkd.in/er4y6rdz As always, we hope you enjoy this week’s episode!

2025 brings eight new privacy laws into force. Is your company ready? Join Jodi Daniels and David Stauss, Partner at Husch Blackwell, for an action-packed webinar guiding you through privacy obligations and offering a clear roadmap to address them. You'll gain insights on: - The new privacy regulations coming into play in 2025 and what they mean for your business - Areas where privacy teams should be focusing their attention now - Practical, no-nonsense steps to ensure you’re ready for what’s next Whether it’s understanding the new laws or getting the right processes in place, don't miss the chance to get the guidance you need to navigate 2025 confidently. Get your business on track and sign up now for this complimentary webinar on THIS WEDNESDAY - November 20 at 12p EST. https://lnkd.in/g56Jqibj

Privacy isn’t boring – it’s a treat! Much like a delicious ice cream sundae. And just like an ice cream sundae, each layer of a solid privacy program is critical to help you stay compliant and earn customer trust. With the right ingredients, you can future-proof your company, boost sales, and bolster your brand’s reputation. Ready to dive in? Here’s how to build your privacy sundae: 1. Start with your container - Determine if GDPR, CCPA, and other global and state privacy laws apply to your business. No container. No sundae. 2. Establish a supporting foundation - Your data inventory is the foundation. It will show you the hows, whys, and wheres of your data collection practices. Without it, your sundae might melt. 3. Choose your flavor combinations: - An easy-to-digest privacy notice tells consumers what data of theirs is collected and how it’s shared and/or used. - Establish privacy rights request processes to determine how you respond when someone exercises their privacy rights. Be prepared to handle requests for access, deletion, or corrections. - Implement reasonable security measures, including the right tech and process protections to keep your data safe. 4. Add gooey toppings like: - Privacy Impact Assessments (PIAs) to identify privacy risks and ensure compliance with privacy laws in new or modified data processing activities. - A privacy plan to provide an overview your company’s privacy program. Avoid downtime by considering privacy early. - An incident response plan to manage data breaches.?Make it cross-functional, ensuring everyone knows their role if things get sticky. 5. Sprinkle on some cookies - Understand the hows, whys, and whos of your website digital trackers (i.e. cookies) and consent mechanisms. Regularly perform cookie audits to uncover and rectify any cookie-related mishaps. 6. Add the whipped cream - No sundae is complete without it. Train team members to understand their role in protecting user privacy.?Equip them with the knowledge they need to keep your privacy practices strong and effective. 7. Put the cherry on top - Now, show off that sundae! Share your privacy program with customers to build trust and prove you’ve got their data covered. Privacy is the ultimate treat. Serve it up right, and your business will be the go-to sundae bar for years to come! ? Repost to help more privacy pros build their privacy sundae.

By January 1st, 16 state privacy laws could apply to your company. While all these laws have similar obligations - nuances in scope and implementation can catch companies off guard. Yet preparation is power. Now is the time to act. Prepare with these 5 steps: 1. Understand What Laws Apply to Your Organization - Each state has its own requirements - Knowing the type and quantity of data you collect and how it’s used will help determine what laws apply to your organization - Look out for low scoping thresholds in places like Texas, Minnesota, and Nebraska 2. Refine Privacy Rights Management -Determine how to manage privacy rights requests—ALL state privacy laws mandate rights like access, deletion, rectification, and certain opt-outs. - Many states limit sensitive data collection to explicit consumer consent - Look for notable privacy rights variations in Oregon, Maryland and Indiana 3. Conduct Privacy Impact Assessments (PIAs) - Most state privacy laws require PIAs for high-risk processing activities like targeted ads. - Establish a PIA process. Include a clear PIA template, provide employee training, and embed PIAs in development workflows. - Maryland has a unique PIA obligation—don’t overlook it. 4. Update Privacy Notices - All state privacy laws require privacy notices at the time of collecting personal information. - Keep your privacy notice up-to-date and ensure (at a bare minimum) it covers data categories, third-party sharing, privacy rights options, and opt-out procedures. - Look out for unusual privacy notice obligations in California, Texas, and Rhode Island 5. Prepare for Enforcement - Proactive compliance can protect you from costly fines and reputational harm. - Have a privacy program in place to manage new and evolving obligations. - Most states offer a window to cure violations—use it wisely. As state privacy laws stack up, having a structured, adaptable approach will pave the path to sustainable compliance. Make 2025 the year your privacy program doesn’t just meet the minimum—it excels. Share these tips with other privacy pros. Read our latest blog: https://lnkd.in/gmgwkeZb And don't forget to sign up for our action-packed 2025 Privacy Roadmap webinar: https://lnkd.in/g56Jqibj

Don't trust your vendors. Vet them first. Because entrusting third-party vendors with your company’s data significantly heightens your risk exposure. And when vendors don’t uphold the privacy and security promises your company makes… It leaves your company open to liabilities, like fines and reputational harm. Yet companies can minimize third-party risks by: - Conducting a Privacy AND Security Assessment - Establishing a Secure Transfer Mechanism - Issuing Data Protection Agreements (a.k.a. vendor contracts) - Regularly Monitoring Third Parties - Appropriately Offboarding Third Party Vendors Managing third-party vendors can be a make-or-break factor in your privacy program. That's why it's so important to properly vet vendors for privacy and security risks. And to have a contract with all third-parties. (also a requirement under privacy laws) Yet sometimes third-party management can be overwhelming for companies (because there's a lot to consider) So we created a guide to help:?https://lnkd.in/gPZE3xWp We love helping companies with third-party risk management. If you need help, contact us. ??Share our infographic ?? ? Repost to help more privacy pros get complimentary privacy resources.