What is Considered Sensitive and Personal Information


CLE credits earned: 1 General Credit (WA 1 Law and Legal)

The term “sensitive personal information” is often referred to in contracts, regulatory guidance, and policy documents. What constitutes sensitive personal information, and the practical implications of that designation differ among laws, regulations, and privacy frameworks.

The program will discuss what types of personal information are considered “sensitive” under different legal regimes including the CCPA, CPRA, CPA, VCDPA, and GDPR, and explain how that designation impacts what businesses can, and cannot, do with information.

This course is co-sponsored with myLawCLE.

Key topics to be discussed:

•   How different statutes and regulations use the phrase “sensitive personal information”
•   What companies must do in order to collect sensitive personal information from consumers and employees
•   What restrictions are imposed on companies that collect sensitive personal information
•   What regulatory considerations should companies consider

Date / Time: September 15, 2021

•   12:00 pm – 1:00 pm Eastern
•   11:00 am – 12:00 pm Central
•   10:00 am – 11:00 am Mountain
•   9:00 am – 10:00 am Pacific

Choose a format:

•   Live Video Broadcast/Re-Broadcast: Watch Program “live” in real-time, must sign-in and watch program on date and time set above. May ask questions during presentation via chat box. Qualifies for “live” CLE credit.

•   On-Demand Video: Access CLE 24/7 via on-demand library and watch program anytime. Qualifies for self-study CLE credit. On-demand versions are made available 5 business days after the original recording date and are view-able for up to one year.

Closed-captioning available

Select your state to see if this class is approved for CLE credit.

Choose the format you want.


Original Broadcast Date: September 15, 2021

Karin E. Ross_myLawCLE SpeakerKarin E. Ross | Greenberg Traurig, LLP

Karin E. Ross focuses her practice on data privacy, cybersecurity, and technology transactions. Karin has counseled a diverse array of companies from startups to Fortune 500 companies in both local and global markets. She works closely with clients on data privacy and security compliance programs and advises on existing and emerging privacy and data protection legislation, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA).

Her experience spans a range of industries including consumer goods, medical technology, financial services, ecommerce, and restaurants. Karin also has substantial experience in drafting and negotiating commercial and technology agreements, including data licensing agreements, cloud and software-as-a-service agreements, software license agreements, professional services agreements, and website terms and conditions.

Karin formerly served as in-house corporate counsel at a Fortune 500 health care company where she supported regulatory compliance efforts related to health care and clinical research activities. She draws upon her in-house experience to provide clients practical advice and creative solutions for meeting their compliance obligations while advancing business objectives.
David Zetoony_myLawCLE SpeakerDavid Zetoony | Greenberg Traurig, LLP

David Zetoony, Co-Chair of the firm’s U.S. Data, Privacy, and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cybersecurity laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation.

David receives regular recognition from clients and peers for his knowledge and experience in the fields of data privacy and security. The National Law Journal named him a “Cybersecurity and Data Privacy Trailblazer,” JD Supra recognized him four times as one of the most widely read names when it comes to data privacy, cybersecurity, or the collection and use of data, and Lexology identified him seven times as the top “legal influencer” in the area of technology, media, and telecommunications in the United States, the European Union, and in the context of cross-border transfers of information.

He is the author of the American Bar Associations primary publication on the European General Data Protection Regulation (GDPR) and is writing the American Bar Association’s primary publication on the California Consumer Privacy Act (CCPA).

Accreditation Policy

myLawCLE seeks accreditation for all programs in all states except, ME, VA, and WV. Each attending attorney/paralegal will receive a certificate of completion following the close of the CLE program as proof of attendance. In required states, myLawCLE records attorney/paralegals attendance, in all other states attorney/paralegal is provided with the approved CLE certificate to submit to their state bar or governing association.

    Automatic MCLE Approvals

All myLawCLE CLE programs are accredited automatically either directly or via reciprocity in the following states: AK, AR, CA, CT, FL, HI, ME, MO, MT, ND, NM, NJ, NY and VT. (AZ does not approve CLE programs, but accepts our certificates for CLE credit.)

    Live Video Broadcasts

Live video broadcasts are new live CLE programs being streamed and recorded for the first time. All of these programs qualify for “Live” CLE credit in all states except NV, OH, MS, IN, UT, PA, GA, and LA —these states require in-person attendance to qualify for “Live” CLE credit.

    “Live” Re-Broadcasts

“Live” Re-broadcasts are replays of previously recorded CLE programs, set on a specific date and time and where the original presenting speakers calls in live at the end of the event to answer questions. This “live” element allows for “live” Re-broadcast CLEs to qualify for “Live” CLE credits in most states. [The following states DO NOT allow for “live” CLE credits on re-broadcast CLEs: NV, OH, MS, IN, UT, PA, GA, and LA]


Many states allow for credit to be granted on a 1:1 reciprocal basis for courses approved in another mandatory CLE jurisdiction state. This is known as a reciprocity provision and includes the following states: AK, AR, HI, CT, FL, ME, MO, MT, ND, NM, NJ, and NY. myLawCLE does not seek direct accreditation of live webinars or teleconferences in these states.

I. Statutes and regulations use the phrase “sensitive personal information” | 12:00pm – 12:20pm
II. What companies must do in order to collect sensitive personal information from consumers and employees | 12:20pm – 12:35pm
III. What restrictions are imposed on companies that collect sensitive personal information | 12:35pm – 12:45pm
IV. What regulatory considerations should companies consider| 12:45pm – 1:00pm