Hunton Andrews Kurth writes:
On November 12, 2025, the Centre for Information Policy Leadership (“CIPL”) at Hunton published a discussion paper titled “Comparing U.S. State Privacy Laws: Covered and Sensitive Data” (“Discussion Paper”), the latest in its discussion paper series comparing key elements of U.S. state privacy laws.
The concepts of personal data – and the types of personal data categorized as “sensitive” – are foundational elements of U.S. state privacy laws and regulations. However, the criteria for what qualifies as “sensitive” – and the legal consequences that follow – are not always aligned across U.S. state privacy laws. As a result, organizations are tasked with operationalizing varying definitions across a fragmented and inconsistent legal landscape.
The Discussion Paper analyzes the scope, applicability, exemptions and key definitions of “personal data” and “sensitive” data under comprehensive U.S. state privacy laws. It examines the most common approaches, as well as outliers, with a focus on three topics:
- The concept of personal data (or “personal information”) (including an analysis of exclusions such as “deidentified” and “publicly available” data)
- The definition of “sensitive data” (or “sensitive personal information”)
- Relevant exemptions
Read more at Privacy & Information Security Law Blog.
Direct link to their Discussion Paper.