Compliance Tip of the Day: Crowd Sourcing Risk Intelligence
AI in eDiscovery Today: An Open Conversation
Tenant Tales and Reseller Realities: Inside the FCRA Arena With Eric Ellman — FCRA Focus Podcast
Early Returns Podcast - Oliver Roberts: AI and the Law, and an Education
Driven by Data: Auto Finance Trends Uncovered - Moving the Metal: The Auto Finance Podcast
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
Innovations in Compliance: Data Collection & Cybersecurity with ModeOne’s Matt Rasmussen and Ryan Frye
Early Days of the Trump Administration: Impact on the CFPB — The Consumer Finance Podcast
CFPB's Inquiry Into Payments Privacy — Payments Pros – The Payments Law Podcast
Innovation in Second Requests: Data is Your Greatest Asset
Podcast: How Delaying Third Party Discovery Can End Up Costing You Dearly
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
The Presumption of Innocence Podcast: Episode 48 - Digital Boundaries: Fourth Amendment Protections in a Connected World
eDiscovery Needs Digital Forensics for a Mobile World
A Sneak Peek into Data Mapping: What Implementation Really Looks Like
It's Time to Think About Data Mapping Differently
EEO-1 Filing After June 4: What to Do Now, and How to Prepare for Next Year - Employment Law This Week®
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
We recently discussed the legal developments related to fair use in AI training. Through a bipartisan bill titled the AI Accountability and Personal Data Protection Act (the “Bill”), introduced on July 21, 2025, U.S. Senators...more
Starting today, July 31, 2025, the Minnesota Consumer Data Privacy Act (“MCDPA”) officially takes effect. Signed by Governor Tim Walz in May 2024, this act majorly affects how the personal data of Minnesota residents is...more
The use of AI recording tools has become prevalent. Companies’ policies addressing the legal issues with these tools is not yet as prevalent. If your company’s AI policy does not address these issues, it needs to be updated....more
Dans l’affaire Clearview AI Inc v. Alberta (Information and Privacy Commissioner) (l’« affaire Clearview ») (en anglais), la Cour du Banc du Roi de l’Alberta (la « CBRA ») a élargi la portée de l’exception relative aux...more
Websites are ubiquitous, and so are cookies and tracking pixels (a/k/a web beacons). A web browser uses cookies to store login details and preferences; the cookies also track and profile user behavior. When visiting a...more
A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to adopt a double...more
New York’s Child Data Protection Act (NYCDPA) has gone into effect, introducing sweeping new requirements for businesses that collect personal data from minors under 18. While New York has not yet joined the ranks of the...more
In Clearview AI Inc v. Alberta (Information and Privacy Commissioner) (Clearview), the Court of King’s Bench of Alberta expanded the scope of the “publicly available” exception to the consent requirement for the collection,...more
On June 6, 2025, the United States District Court for the Northern District of California dismissed a number of claims being brought against Google related to its alleged improper collection of health-related data though...more
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
As privacy enforcement ramps up, effectively managing opt-out requirements under state privacy laws is a top risk mitigation measure. But complying with opt-outs is not just a matter of providing a consumer-facing opt-out...more
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
Amazon and Starbucks notched a decisive win in the fast-evolving world of biometric privacy litigation, securing the full dismissal of a proposed class action in the U.S. District Court for the Western District of Washington....more
In a significant decision for privacy class action litigation, a federal judge in California recently denied the certification of a proposed class action involving claims under the state’s invasion of privacy law. The May 29...more
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
In May 2025, Montana enacted Senate Bill 163 (SB 163), amending that state’s Genetic Information Privacy Act (MGIPA) to include protections for neurotechnology data—namely, data collected from the activity of the central or...more
New Jersey’s Office of Consumer Protection has prepared proposed rules for the New Jersey Data Privacy Act (NJDPA) (Proposed Rules). While the bulk of the Proposed Rules consist of recitations of the obligations found in the...more
As mobile device applications continue to proliferate – magnified in no small part by the recent surge in artificial intelligence-related tools to facilitate creation of apps – they have become indispensable tools for...more
Orrick's Founder Series offers monthly top tips for UK startups on key considerations at each stage of their lifecycle, from incorporating a company through to possible exit strategies. The Series is written by members of our...more
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in...more
Last May, Colorado Governor Jared Polis signed into law amendments to the Colorado Privacy Act ("CPA") that impose new obligations governing the collection, processing, retention, and disclosure of Coloradans' biometrics. The...more
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
In today’s data-driven sports industry, teams, leagues and sponsors increasingly rely on biometric and performance data to enhance player performance, prevent injuries and optimize contract negotiations. Such data collection...more
Financial institutions that use code-based tracking technologies may soon find themselves facing increased scrutiny and legal exposure as the next wave of class action litigation begins. On December 19, 2024, a member of...more
Another month brings another California Privacy Protection Agency (CPPA) enforcement action, the agency's second enforcement action under the California Consumer Privacy Act (CCPA)....more