If you have ever encountered the GDPR as a privacy professional, you will be all too aware of the need to conduct privacy impact assessments (PIAs) to understand the level of risk your processing activities will introduce to the rights and freedom of individuals. Similarly, California’s CPRA requires businesses that process consumers’ personal information to conduct a cybersecurity audit on an annual basis. It’s clear those collecting personal information in the US will likely encounter differing obligations when conducting PIAs, owing to the emergence of comprehensive state privacy laws. This master class will compare the different assessment requirements under California’s CPRA, Virginia’s CDPA, and Colorado’s Privacy Act.