We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more
Welcome to our fourth issue of 2025 of Decoded - our technology law insights e-newsletter. We hope you enjoy this issue and thank you for reading. Sector by Sector: How Data Breaches are Wrecking Bottom Lines - “Data...more
Concerns about claims of legal professional privilege over third-party investigation reports produced in the course of responding to cyberattacks, and the extent to which such reports can be shielded from disclosure in legal...more
Courts across the country are becoming skeptical of data breach and web tracking claims that assert theoretical privacy violations without alleging any actual injury to the plaintiffs. Recent decisions underscore that courts...more
Consumers have been trading their DNA for a personal genetic history lesson with 23andMe since 2007. The company has since become extremely popular and has collected a trove of genetic information relating to more than 14...more
Several state attorneys general (AGs) and the Federal Trade Commission (FTC) have begun scrutinizing ancestry tracking company 23andMe following its recent announcement that it has filed for Chapter 11 bankruptcy. As part of...more
In 2024, state attorneys general (State AGs) focused on a broad variety of areas and industries including, in particular, emerging industries such as artificial intelligence (AI) and privacy and social media protections....more
Malaysia issued a regulatory guideline for data breach notification in February 2025. This article discusses how the new regulation affects businesses in Malaysia. On 25 February 2025, Malaysia's Personal Data Protection...more
On February 14, 2025, New York’s Governor Hochul signed into law A.B. 920, which amended the state’s Information Security Breach and Notification Act to add personal health information to the types of data that constitute...more
The growing prevalence of data breaches has led to an uptick in class action litigation based on consumers' personal information allegedly being accessed. A common theme emerging in these lawsuits is plaintiffs claiming that...more
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our...more
Publications & Advisories - January 31, 2025 – Kathleen Benway, Maki DePalo, Jennifer Everett, and Hyun Jai Oh published “Privacy, Cyber & Data Strategy Advisory | FTC Finalizes Amendments to COPPA Rule.”...more
In our annual Cyber Looking Ahead Guide, we share key insurance market themes that emerged in 2024 and offer our predictions for 2025. Here are the trends we examine in the Guide: We also explore some pressing topics we...more
India just released a landmark draft of new rules to refine and implement the Digital Personal Data Protection Act (DPDP Act) – which is India’s first comprehensive data privacy legislation regulating digital personal data...more
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law. The Bills introduce a maximum thirty-day timeframe...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
23andMe agreed to pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...more