Podcast: Addressing Patient Complaints About Privacy Violations
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
Top Healthcare Compliance Priorities for 2025
AI Legislation: The Statewide Spotlight - Regulatory Oversight Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
AI Legislation: The Statewide Spotlight — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
The Next FCRA Frontier: Identity Theft and CFPB Updates — FCRA Focus Podcast
Episode 366 -- DOJ Issues Data Security Program Requirements
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — The Good Bot Podcast
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Innovations in Compliance: Data Collection & Cybersecurity with ModeOne’s Matt Rasmussen and Ryan Frye
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
China rolled out its “new,” streamlined cross-border data transfer (CBDT) regime on March 22, 2024, with the issuance by the Cyberspace Administration of China (CAC) of the Provisions on Facilitating and Regulating...more
Businesses should expect to see “increased enforcement” from the California Privacy Protection Agency now that the agency has had four years to staff up and implement rules, the CPPA’s executive director said in an interview...more
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services. Laws/Regulations/National Standards directly regulating AI (the "AI Regulations") The Cyberspace...more
Regulations matter, but until they’re enforced, they’re all just so many words (so, so many words) on paper. Businesses know that what really counts is whether, how, where, and when regulators enforce the law....more
When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just...more
Key Takeaways - - Utah has introduced five new bills that further shape its existing Artificial Intelligence Policy Act and add new requirements. - Both the scope of disclosure requirements surrounding the use of AI...more
On July 1, the Virginia Consumer Protection Act (VCPA), as amended by Senate Bill (SB) 754, will provide additional privacy protections for reproductive and sexual health information. The legislation expands the VCPA to...more
The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. In a recent Cooley webinar, partner Patrick Van...more
In today's world, violations of individual privacy and secret disclosure are a serious problem. It may be eavesdropping, interception, recording, and the spreading of personal information without the consent of the other...more
On May 8, Montana Governor Greg Gianforte signed into law Senate Bill 297 (SB 297), a bill that significantly revises the existing Montana Consumer Data Privacy Act (MCDPA). Although the MCDPA took effect on October 1, 2024,...more
Important changes are coming to 42 CFR Part 2 (Part 2), which deals with the confidentiality of patients’ substance use disorder (SUD) records. On April 16, 2024, the US Department of Health and Human Services (HHS) published...more
The Commonwealth of Pennsylvania is re-joining the U.S. state privacy law race. State Rep. Edward Neilson recently proposed H.B 78, which features all the normal trappings of a state privacy law with a very low...more
After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
While the US federal government is largely scaling back its rulemaking and compliance efforts, one critical exception is where personal data and technology intersect with national security. Exemplifying this trend, on April...more
On April 16, regulators from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon announced the creation of the Consortium of Privacy Regulators, a new collaborative effort focused on the...more
In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating...more
In a noteworthy step toward international privacy collaboration, the California Privacy Protection Agency (CPPA) has entered into a formal declaration of cooperation with the U.K. Information Commissioner's Office (ICO). This...more
The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut,...more
The new Department of Justice (DOJ) rule governing international transfers of Americans’ information, codified at 28 C.F.R. Part 202, became effective on April 8, 2025....more
What's Changed? The U.S. Department of Justice (DOJ) published a Data Security Program (DSP), pursuant to a final rule (Final Rule), which became effective on April 8, 2025....more
U.S. organizations should carefully review and ensure their privacy and cybersecurity practices comply with a wide-ranging new federal rule establishing data transfer restrictions regarding sensitive U.S. personal data. The...more
On April 16, attorneys general from seven states and a state agency announced that they were forming the Consortium of Privacy Regulators, a new effort to better protect consumers’ privacy. The Consortium consists of the...more
As if legal and compliance professionals had enough responsibilities on their plates, DOJ dropped another shoe (to join the tariffs, sanctions and export controls, and immigration issues) and upped the stakes for ethics and...more
What happens when data protection collides with the relentless pace of digital innovation? That’s the question the European Data Protection Board (EDPB) seemed to confront head-on in 2024, a year marked by unprecedented...more
Hello, everyone. My name is Allan Medina. I am a partner in Goodwin’s Washington, DC, office, with a practice focus on government investigations. I’m here with Liza Craig, who is also a partner in the DC office. We are...more