To say mergers and acquisitions present significant risk is an understatement; however, additional vulnerabilities are being exposed as bad actors threaten to exploit privacy and data security leaks during the transition. ...more
7/24/2025
/ Acquisitions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Merger Agreements ,
Mergers ,
Personal Data ,
Risk Management
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
7/7/2025
/ Collection Agencies ,
Consumer Information ,
Credit Unions ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
New Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
WISP
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
6/26/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employee Monitoring ,
Human Resources Professionals ,
Location Data ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements ,
Risk Management ,
Technology ,
Third-Party
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like...more
6/24/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Liability ,
New Legislation ,
Personal Data ,
Punitive Damages ,
Risk Management ,
Safe Harbors ,
Small Business ,
State Privacy Laws ,
Texas
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
6/9/2025
/ Algorithms ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Employee Monitoring ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Surveillance ,
Technology
The Oregon Legislature recently enacted House Bill 3875, amending the Oregon Consumer Privacy Act (OCPA) effective September 28. 2025, to broaden its scope to include motor vehicle manufacturers and their affiliates that...more
5/30/2025
/ Automotive Industry ,
Car Dealerships ,
Data Collection ,
Data Privacy ,
Dealerships ,
Manufacturers ,
New Legislation ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just...more
5/28/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Attorneys General ,
State Privacy Laws
A recent series of articles by the International Association of Privacy Professionals discusses a trend in privacy litigation focused on breach of contract and breach of warranty claims.
Practical Takeaways-
• Courts are...more
5/21/2025
/ Breach of Contract ,
Business Litigation ,
Consumer Privacy Rights ,
Contract Disputes ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Litigation Strategies ,
Personal Information ,
Privacy Policy ,
Websites
In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more
On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more
3/24/2025
/ Business Associates ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Risk Management
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more
According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including...more
Businesses that track the geolocation of individuals—whether for fleet management, sales and promotion, logistics, risk mitigation, or other reasons—should closely monitor the progress of California Assembly Bill 1355 (AB...more
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel...more
1/29/2025
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Dashcams ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Monitoring ,
Employee Privacy Rights ,
Equal Employment Opportunity Commission (EEOC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Third-Party Service Provider ,
Wearable Technology
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive...more
1/21/2025
/ Confidential Information ,
Confidentiality Agreements ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Former Employee ,
Intellectual Property Protection ,
Personal Data ,
Personal Information ,
Restrictive Covenants ,
Risk Management ,
Sensitive Business Information ,
Trade Secrets ,
UTSA
If you are looking for a high-level summary of California laws regulating artificial intelligence (AI), check out the two legal advisories issued by California Attorney General Rob Bonta. The first advisory is directed at...more
1/17/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
CMIA ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
1/13/2025
/ Compliance ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Identity Theft ,
Incident Response Plans ,
Information Technology ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
School Districts ,
State Privacy Laws ,
Vendors
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
1/9/2025
/ Artificial Intelligence ,
Biometric Information ,
Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Deep Fake ,
FBI ,
Fraud ,
Identity Theft ,
Know Your Customers ,
Multi-Factor Authentication ,
Phishing Scams ,
Risk Management ,
Secret Service ,
Social Engineering
As more employers incorporate wearable technology in the workplace, including those enhanced by artificial intelligence, the Equal Employment Opportunity Commission (EEOC)’s new fact sheet “Wearables in the Workplace: The Use...more
1/8/2025
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Compliance ,
Data Collection ,
Data Privacy ,
Disability Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
GINA ,
Medical Devices ,
Pregnant Workers Fairness Act ,
Reasonable Accommodation ,
Title VII ,
Wearable Technology ,
Workplace Safety
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws-
This year saw a...more
1/2/2025
/ Artificial Intelligence ,
Biometric Information ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Privacy Rights ,
Fair Credit Reporting Act (FCRA) ,
Personal Data ,
Privacy Laws ,
Retirement Plan ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Web Tracking
Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective. Here is an overview of businesses needing to prepare....more
Massachusetts’ highest court recently issued an opinion that delves into the complex intersection of privacy law and modern technology. The case centers around whether the collection and transmission of users’ web browsing...more
Data privacy and security risk and compliance issues relating to exchanges of personal information during merger, acquisition, and similar transactions can sometimes be overlooked. In 2023, we summarized an enforcement action...more
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
9/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fortune 500 ,
Governance Standards ,
Intellectual Property Protection ,
Machine Learning ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more