On September 17, 2025, the Florida Agency for Health Care Administration (AHCA) will hold its first public meeting to discuss proposed rules designed to enhance transparency and preparedness around health care information...more
9/8/2025
/ Business Continuity Plans ,
Cybersecurity ,
Data Breach ,
Florida ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Incident Response Plans ,
Medicaid ,
Proposed Rules ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
The rapid adoption of AI notetaking and transcription tools has transformed how organizations (and individuals) capture, analyze, and share meeting and other content. But as these technologies expand, so too do the legal and...more
8/29/2025
/ Artificial Intelligence ,
California ,
CIPA ,
Class Action ,
Computer Fraud and Abuse Act (CFAA) ,
Consent ,
Data Privacy ,
Data Use Policies ,
ECPA ,
Privacy Laws ,
State Privacy Laws ,
Third-Party Service Provider ,
Vendors
On August 18, 2025, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with BST & Co. CPAs, LLP (BST). The announcement continues OCR’s escalating enforcement of the HIPAA...more
8/19/2025
/ Business Associates ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
PHI ,
Ransomware ,
Risk Assessment ,
Risk Management
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
8/14/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Security ,
Policies and Procedures ,
Privacy Policy ,
Ransomware ,
Risk Management ,
WISP
On July 1, 2025, California Attorney General Rob Bonta announced the largest CCPA settlement to date, which included a $1.55 million penalty against Healthline Media LLC. This settlement sends a clear message to businesses...more
8/6/2025
/ Advertising ,
California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookies ,
Data-Sharing ,
Enforcement ,
Enforcement Actions ,
Opt-Outs ,
Sensitive Personal Information ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Third-Party Service Provider ,
Web Tracking
On May 1, 2025, the California Privacy Protection Agency (CPPA) issued a Final Order in one of its first public enforcement actions under the California Consumer Privacy Act (CCPA), imposing a fine of nearly $350,000 on the...more
It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant...more
7/30/2025
/ Artificial Intelligence ,
Benefit Plan Sponsors ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Investment ,
Investment Management ,
Retirement Plan ,
Risk Management ,
Transparency ,
Vendors
On July 23, 2025, the White House released America’s AI Action Plan, a comprehensive national strategy designed to strengthen the United States’ position in artificial intelligence through investment in innovation,...more
7/25/2025
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Funding ,
Government Agencies ,
Infrastructure ,
Innovation ,
Internal Revenue Code (IRC) ,
Investment ,
National Security ,
Popular ,
Regulatory Reform ,
Reimbursements ,
Technology ,
Training ,
Trump Administration
To say mergers and acquisitions present significant risk is an understatement; however, additional vulnerabilities are being exposed as bad actors threaten to exploit privacy and data security leaks during the transition. ...more
7/24/2025
/ Acquisitions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Merger Agreements ,
Mergers ,
Personal Data ,
Risk Management
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
7/7/2025
/ Collection Agencies ,
Consumer Information ,
Credit Unions ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
New Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
WISP
The U.S. Senate voted early Tuesday to remove a proposed moratorium from the federal budget bill. This outcome marks a pivotal moment in the ongoing debate over artificial intelligence regulation in the United States....more
The Senate recently voting 99-1 to remove a 10-year moratorium on state regulation of AI says something about the impact of AI, but also its challenges.
A new MIT study, presented at the ACM Conference on Fairness,...more
Explained in more detail below, under the recent vacatur of most of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (the “Reproductive Health Rule”):
• The broad prohibitions on disclosing protected...more
6/30/2025
/ Administrative Procedure Act ,
Attestation Requirements ,
CARES Act ,
Constitutional Challenges ,
HIPAA Privacy Rule ,
Injunctions ,
Judicial Authority ,
Notice of Privacy Practices ,
PHI ,
Privacy Laws ,
Privacy Rule ,
Public Health ,
Reproductive Healthcare Issues ,
SCOTUS ,
Statutory Authority ,
Texas ,
Trump v CASA ,
Vacated
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
6/26/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employee Monitoring ,
Human Resources Professionals ,
Location Data ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements ,
Risk Management ,
Technology ,
Third-Party
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like...more
6/24/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Liability ,
New Legislation ,
Personal Data ,
Punitive Damages ,
Risk Management ,
Safe Harbors ,
Small Business ,
State Privacy Laws ,
Texas
Artificial Intelligence (AI) is transforming businesses—automating tasks, powering analytics, and reshaping customer interactions. But like any powerful tool, AI is a double-edged sword. While some adopt AI for protection,...more
6/16/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Deep Fake ,
Fraud ,
Phishing Scams ,
Risk Management ,
Risk Mitigation ,
Supply Chain
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more
6/11/2025
/ Best Practices ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Employees ,
FinTech ,
Former Employee ,
Hiring & Firing ,
Information Technology ,
Insider Information ,
NIST ,
Risk Assessment ,
Risk Management
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
6/9/2025
/ Algorithms ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Employee Monitoring ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Surveillance ,
Technology
On June 2, 2025, the U.S. Department of Labor (DOL) announced a significant expansion of its compliance assistance tools by launching an Opinion Letter Program across five key enforcement agencies, including the Employee...more
6/6/2025
/ Benefit Plan Sponsors ,
Compliance ,
Cybersecurity ,
Department of Labor (DOL) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Information Letters ,
New Guidance ,
Opinion Letter ,
Regulatory Requirements ,
Retirement Plan ,
Risk Management ,
Transparency
The Oregon Legislature recently enacted House Bill 3875, amending the Oregon Consumer Privacy Act (OCPA) effective September 28. 2025, to broaden its scope to include motor vehicle manufacturers and their affiliates that...more
5/30/2025
/ Automotive Industry ,
Car Dealerships ,
Data Collection ,
Data Privacy ,
Dealerships ,
Manufacturers ,
New Legislation ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just...more
5/28/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Attorneys General ,
State Privacy Laws
California lawmakers have proposed new legislation to reshape the growing use of artificial intelligence (AI) in the workplace. While this bill aims to protect workers, employers have expressed concerns about how it might...more
5/22/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
Employee Rights ,
Enforcement ,
New Legislation ,
Personal Data ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
State Labor Laws ,
Transparency ,
Workplace Safety
A recent series of articles by the International Association of Privacy Professionals discusses a trend in privacy litigation focused on breach of contract and breach of warranty claims.
Practical Takeaways-
• Courts are...more
5/21/2025
/ Breach of Contract ,
Business Litigation ,
Consumer Privacy Rights ,
Contract Disputes ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Litigation Strategies ,
Personal Information ,
Privacy Policy ,
Websites
On March 10, 2025, California Attorney General Rob Bonta announced an investigative sweep targeting the location data industry, emphasizing compliance with the California Consumer Privacy Act (CCPA). This announcement follows...more
In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more