Podcast: Addressing Patient Complaints About Privacy Violations
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
Top Healthcare Compliance Priorities for 2025
AI Legislation: The Statewide Spotlight - Regulatory Oversight Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
AI Legislation: The Statewide Spotlight — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
The Next FCRA Frontier: Identity Theft and CFPB Updates — FCRA Focus Podcast
Episode 366 -- DOJ Issues Data Security Program Requirements
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — The Good Bot Podcast
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Innovations in Compliance: Data Collection & Cybersecurity with ModeOne’s Matt Rasmussen and Ryan Frye
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
Welcome to “SERC’ling Up,” your resource for staying ahead in today’s fast-evolving financial landscape. This newsletter delivers perspectives on the latest enforcement trends, regulatory updates and high-stakes developments...more
The Italian Data Protection Authority (the Garante) has issued its first GDPR fine for, among other breaches, unlawful retention of metadata from employees’ emails and web browsing activities. The decision applies, for the...more
Le 23 avril 2025, dans l’affaire Insurance Corporation of British Columbia v. Ari (décision disponible uniquement en anglais), la Cour d’appel de la Colombie-Britannique (la « CACB ») a confirmé une décision de première...more
The past year has introduced some uncertainty for institutional defendants facing privacy breach class actions in Canada. While Ontario’s Court of Appeal has been consistent in its approach to class actions against “database...more
Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been...more
Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more
AI service provider Serviceaide Inc. faces two proposed class action lawsuits from a data breach tied to Catholic Health System Inc., a nonprofit hospital network in Buffalo, New York. The breach reportedly exposed the...more
There is nothing more inherently unique and personal to an individual than his or her DNA. Unlike many other types of personal information, a person’s DNA is immutable. It can be the key to unlocking extremely sensitive...more
On May 8, the California Privacy Protection Agency (CPPA) ordered a Florida-based data broker to pay a $46,000 fine for failing to register and pay an annual fee as required by the Delete Act. The CPPA noted that the...more
In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
Selected U.S. Privacy & Cyber Updates - DOJ Settles False Claims Act Case with MORSECORP over Cybersecurity Program - On March 26, 2025, the U.S. Department of Justice (DOJ) announced that it had reached an agreement with...more
Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as...more
On January 14, 2025, Sen. Brent Howard and Rep. John Pfeiffer introduced Senate Bill 626, which amends and updates Oklahoma’s Security Breach Notification Act, 24 Okla. Stat. § 161 et seq. That Act currently requires that...more
A federal district court recently found that employees aren’t protected by Kentucky’s consumer protection law because they don’t qualify as consumers, handing a solid win to employers. The April 21 decision in Viviali v. One...more
When we are retained by clients to guide them through a cyber-attack in which information has been stolen by a threat actor, we almost always find that the client has unnecessarily stored sensitive information far beyond the...more
Healthcare is a very personal experience. In order to receive the best care, individuals must share the most intimate details about themselves. For this reason, trust between patients and healthcare providers is crucial. Data...more
Welcome to this month’s issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security, & Data Protection practice. We invite you to share this resource with your colleagues and visit...more
On April 23, 2025, in Insurance Corporation of British Columbia v. Ari, the British Columbia Court of Appeal affirmed a class action judgment awarding aggregate damages of C$15,000 per class member without proof of...more
The Artificial Intelligence and Machine Learning (“AI/ML”) risk environment is in flux. One reason is that regulators are shifting from AI safety to AI innovation approaches, as a recent DataPhiles post examined. Another is...more
On March 28, 2025, the Florida Bar unanimously approved Recommendation 25-1, which was proposed by its Cybersecurity & Privacy Law Committee and encourages all Florida Bar members and their firms to adopt certain proactive...more
PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health...more
In Shah v. Capital One Financial Corporation, the Northern District of California handed down a ruling that may shape the trajectory of litigation involving tracking technologies, online privacy policies, and California’s...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
Earlier this year, the IRS confirmed that over 400,000 taxpayers were victims of IRS contractor Charles Littlejohn’s 2019 leak of taxpayer data, which is discussed here. Littlejohn stole IRS data that included taxpayers’...more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more