We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
With the continued absence of comprehensive federal privacy legislation after nearly 20 years of debate, state attorneys general (AGs) are increasingly asserting their role as primary regulators in the data privacy space....more
The SEC’s amended Regulation S-P, adopted last year, will soon enhance data privacy protections for broker-dealers, investment companies, registered investment advisors, and transfer agents. The updated rule requires these...more
On 10 June 2025, the new statutory tort for serious invasions of privacy came into force as part of a suite of privacy reforms passed last year, substantially enhancing privacy protections and signalling a material shift in...more
Please visit here to visit our Mintz Matrix page with the latest edition of the Mintz Matrix, which is a 50-state resource we have maintained since 2009 to break down and summarize requirements of U.S. state data breach...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
The seventh annual edition of DLA Piper’s GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion (USD1.26 billion/GBP996 million) in...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
On December 24, 2024, New York Governor Kathy Hochul signed into law amendments to New York’s private-sector data breach notification law (General Business Law § 899-aa) and government agency data breach notification law (New...more
In today’s hyperconnected world, cyberattacks are no longer a question of if but when. For general counsels (GCs), the responsibility extends far beyond legal risk management - it’s about guiding the organization through the...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
In a settlement with Marriott International and its subsidiary Starwood hotels and Resorts Worldwide, the FTC will require Marriott to implement a new comprehensive data security program. The settlement stems from a series of...more
In a recent federal case from New York, the court dealt a blow to plaintiffs suing over data breaches. The plaintiffs had filed a putative class action suit, alleging that they (and others like them) had been harmed by the...more
Transparency might be the most important food group in data privacy compliance, especially with the Federal Trade Commission, Office of the New York State Attorney General and California Privacy Protection Agency focusing...more
A California federal court recently ruled that disclosure of certain data collected through website cookies that may qualify as health information could trigger a data breach under the California Consumer Privacy Act (CCPA) –...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
On July 4, 2024, the B.C. Court of Appeal issued a duo of class action appeal decisions considering the potential scope of statutory and common law privacy claims against data custodians that fall victim to cyberattacks in...more
To the surprise of some, Governor DeSantis recently vetoed a bill that would have provided businesses with a defense to claims arising from “cybersecurity incidents” that lead to data breaches – so long as they met a few...more
Tennessee Governor Bill Lee signed legislation on May 22, 2024, that will shield private entities from class action lawsuits stemming from a cybersecurity event unless the event was caused by willful, wanton, or gross...more
A recent judgment of the European Court of Justice (ECJ) sheds light on the question of whether a data controller can be exempted from liability for the error of a person acting under its authority....more
This post is part of a series of articles we are doing on 2023 data protection litigation trends. While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
The world is witnessing a flurry of activity surrounding issues of data protection, cybersecurity, artificial intelligence (AI), and consumer privacy. According to the National Conference of State Legislators, some 40 US...more
Welcome to Holland & Knight's monthly data privacy and security news update that includes the latest in policy, regulatory updates and other significant developments....more