IAPP Global Summit 2026: Privacy | AI governance | Cybersecurity law

WASHINGTON, DC

30 March-2 April

Back to conference agenda

Less Is More: Why Data Minimization Matters to Privacy Laws

Monday, 30 March

11:45 - 12:45 EDT

Intermediate level

BREAKOUT SESSIONPRIVACYDATA SECURITYLAW AND REGULATIONU.S. STATE REGULATION

Data minimization obligations are a key part of privacy laws and an increasingly varied part of the state privacy landscape. This panel will dig into different approaches to data minimization, with a focus on US state privacy laws and how they compare to global approaches. In the U.S., many state privacy laws require companies to handle data for the purposes disclosed in their privacy policies. Other states create substantive limits on how data is collected and processed. This panel will compare and contrast data minimization obligations across the states, including in California, Connecticut, and Maryland, and discuss how those obligations stack up to global privacy laws like the GDPR. Panelists will also discuss why data minimization obligations matter, with views from panelists who span advocacy, industry, and regulatory perspectives.

What you will learn:

  • Data minimization obligations affect how companies can collect and use personal data.
  • How U.S. state data handling regulations differ.
  • Why data minimization obligations are important.

Moderator and speakers

headshot of Cobun Zweifel-Keegan

Cobun Zweifel-Keegan

CIPP/US, CIPM

Managing Director, D.C.

IAPP

headshot of Caitriona Fitzgerald

Caitriona Fitzgerald

Deputy Director and Policy Director

Electronic Privacy Information Center

headshot of Kate Goodloe

Kate Goodloe

Managing Director, Policy

Business Software Alliance

headshot of Tom Kemp

Tom Kemp

Executive Director

California Privacy Protection Agency