After Texas Ruling, States Seek to Fill Reproductive Health Data Privacy Gaps

Kaitlin Clemens and Dave Navetta, an associate and a partner in Troutman Pepper Locke’s Privacy + Cyber Practice Group, were quoted in the December 15, 2025 TechTarget article, “After Texas Ruling, States Seek to Fill Reproductive Health Data Privacy Gaps.”

• It also created confusion surrounding compliance, attorneys from the law firm Troutman Pepper Locke suggested in an October 2025 article published on the firm’s website. 
• Clemens and her colleagues suggested that, in the absence of federal oversight, entities dealing with reproductive health data should turn their focus to state laws, where applicable. 
• “You have an interconnected web of privacy laws. You have an interconnected web of data breach statutes for every single state. Also, there are federal regulations. Really, the biggest misconception is, well, if I’m not a covered entity under HIPAA, I don’t have anything to worry about,” Clemens said.  
• “And you no longer get into this exclusionary world where you say, okay, I’m not covered by that, so I’m good. Now, you need to do a deep survey into which states you need to comply with. If they apply to you at an entity level, are you operating in that state? There’s a lot of different questions that you can have that are going to impact the organization.” 
• …
• Several states have enacted privacy laws in recent years that touch on reproductive health data privacy to varying degrees. California, Washington, Virginia and New York are states to watch on this front, Clemens and her co-authors stated. 
• “So, the patchwork of laws, it just seems to grow and multiply,” Dave Navetta, partner at Troutman Pepper Locke and co-author on the firm’s article, said in an interview.  
• “We start off with comprehensive state privacy laws that are intended to cover all kinds of personal information. And then we get to specific types of data like biometric data, personal information around AI and automated decision making and reproductive health. So, we start to splinter into millions of nodes.” 
• …
• “Especially in Virginia, they cover small businesses, nonprofits. It is the little guys that really need to have their ears perked up to say, okay, well, we didn’t think we touched any of this data, but maybe we have a search bar where you can search for the nearest abortion clinic,” Clemens noted. “Suddenly, you’re put into that realm and you need to be really careful.” 
• …
• “Even a few years ago, you would be able to take that exclusionary approach and say, okay, check the box. I’m done. Wash your hands of it,” Clemens noted. “But with these states stepping up and filling in and saying, okay, it’s not only medical information. We’re going to talk about reproductive health information. You can see that targeted approach.” 
• …
• “It’s really hard to be a hundred percent compliant with every single law, every single day. Data is so fluid, it’s constantly moving,” Navetta said. “Borders don’t make a difference whatsoever. So, then you have to start reading tea leaves where the real risks actually reside.” 
• …
• “I think what regulators are going to care about is situations where that reproductive health information is kind of collected, aggregated, and then sold or made available to groups or regulators or even law enforcement who may use it to go after people,” Navetta reasoned. “That’s the thrust of these laws ultimately.” 
• Navetta and Clemens suggested speaking with counsel and maintaining an understanding of what state laws your organization is subject to. While future federal legislation is not out of the question, state-level laws are being enacted in real time, and should be carefully considered. 
• “I think before you see an overarching federal regulation, you’re going to see more state laws filling in the gaps,” Clemens predicted.