If you are looking for a high-level summary of California laws regulating artificial intelligence (AI), check out the two legal advisories issued by California Attorney General Rob Bonta. The first advisory is directed at...more
1/17/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
CMIA ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
This month, the New Jersey Attorney General’s office (NJAG) added to nationwide efforts to regulate, or at least clarify the application of existing law, in this case the NJ Law Against Discrimination, N.J.S.A. § 10:5-1 et...more
1/13/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Compliance ,
Discrimination ,
Diversity and Inclusion Standards (D&I) ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
Housing Discrimination ,
New Jersey ,
NJLAD ,
State Attorneys General ,
Title VII
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
1/13/2025
/ Compliance ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Identity Theft ,
Incident Response Plans ,
Information Technology ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
School Districts ,
State Privacy Laws ,
Vendors
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
1/9/2025
/ Artificial Intelligence ,
Biometric Information ,
Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Deep Fake ,
FBI ,
Fraud ,
Identity Theft ,
Know Your Customers ,
Multi-Factor Authentication ,
Phishing Scams ,
Risk Management ,
Secret Service ,
Social Engineering
As more employers incorporate wearable technology in the workplace, including those enhanced by artificial intelligence, the Equal Employment Opportunity Commission (EEOC)’s new fact sheet “Wearables in the Workplace: The Use...more
1/8/2025
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Compliance ,
Data Collection ,
Data Privacy ,
Disability Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
GINA ,
Medical Devices ,
Pregnant Workers Fairness Act ,
Reasonable Accommodation ,
Title VII ,
Wearable Technology ,
Workplace Safety
The Indiana Attorney General Office (OAG) filed a detailed complaint on December 23, 2024 (Complaint) which arose out of the following patient complaint:
The OAG received a consumer complaint stating that the consumer had...more
On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to advance proposed regulations concerning automated decisionmaking technology. While the comment period is ongoing and we do not have final rules, we...more
Governor Kathy Hochul signed several bills last month designed to strengthen protections for the personal data of consumers. One of those bills (S2659B) makes important changes to the notification timing requirements under...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws-
This year saw a...more
1/2/2025
/ Artificial Intelligence ,
Biometric Information ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Privacy Rights ,
Fair Credit Reporting Act (FCRA) ,
Personal Data ,
Privacy Laws ,
Retirement Plan ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Web Tracking
Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective. Here is an overview of businesses needing to prepare....more
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)....more
12/5/2024
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Independent Contractors ,
OCR ,
Risk Management ,
Security Rule
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks....more
12/2/2024
/ AirBnB ,
Cybersecurity ,
Data Breach ,
Phishing Scams ,
Popular ,
Property Management Companies ,
Risk Management ,
Third-Party Service Provider ,
Vacation Rentals ,
Vendors ,
Websites
Massachusetts’ highest court recently issued an opinion that delves into the complex intersection of privacy law and modern technology. The case centers around whether the collection and transmission of users’ web browsing...more
On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. This comes on the heels of the California Civil...more
Governor Newsom recently signed two significant bills focused on protecting digital likeness rights: Assembly Bill (AB)1836 and Assembly Bill (AB) 2602. These legislative measures aim to address the complex issues surrounding...more
Artificial Intelligence (AI) has created numerous opportunities for growth and economic development throughout California. However, the unregulated use of AI can lead to a Pandora’s Box of undesirable consequences. A...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the...more
9/26/2024
/ Artificial Intelligence ,
Australia ,
Consent ,
Cybersecurity ,
De-Identification ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Office of Australian Information Commissioner (OAIC) ,
PHI ,
Training
According to the California legislature, audio recordings, video recordings, and still images can be compelling evidence of the truth. However, the proliferation of Artificial Intelligence (AI), specifically, generative AI,...more
Data privacy and security risk and compliance issues relating to exchanges of personal information during merger, acquisition, and similar transactions can sometimes be overlooked. In 2023, we summarized an enforcement action...more
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
9/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fortune 500 ,
Governance Standards ,
Intellectual Property Protection ,
Machine Learning ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and...more
A recent Forbes article summarizes a potentially problematic aspect of AI which highlights the importance of governance and the quality of data when training AI models. It is called “model collapse.” It turns out that over...more
While the craze over generative AI, ChatGPT, and the fear of employees in the professions landing on breadlines in the imminent future may have subsided a bit, many concerns remain about how best to use and manage AI. Of...more