Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Digital Services Act ("DSA"), which entered into force for all intermediary services and online platforms in February 2024, aims to modernize and harmonize the regulation of third-party content across the EU. It notably...more
An increasingly aggressive plaintiffs’ bar has brought purported class action suits based on the nearly ubiquitous use of tracking technologies used for website analytics. Although any actual harm to the plaintiffs is...more
The California Privacy Protection Agency (“CPPA”) has made it abundantly clear: privacy compliance isn’t just about publishing the right disclosures – it’s about whether your systems actually work. On May 6, the agency fined...more
While readers of this blog are familiar with the proliferation of California Invasion of Privacy Act (“CIPA”) wiretapping claims, our readers may be less familiar with CIPA-related GET Request claims. Below, we explain what...more
On January 28, 2025, FINRA published its annual regulatory oversight report for 2025 (Report), which highlights observations and findings from FINRA’s oversight programs. The Report covers 24 topics, and for each topic it...more
Recently, we had the opportunity to advise some clients who worked with a third-party vendor that maintained custody of personal information pertaining to our clients’ respective end users. The vendor suffered a data breach...more
Those familiar with the industry know that cannabis retailers find themselves in a unique position compared to other product retailers. Cannabis retailers face significant regulatory hurdles to their operation—particularly in...more
Considering the rapid development and deployment of artificial intelligence (AI) in a wide array of applications and business sectors, it can be a daunting task for a company’s General Counsel (GC) to keep pace in identifying...more
On January 14, 2024, the Departments of Labor, Health and Human Services, and the Office of Personnel Management (the “Departments”) jointly released the FAQs About Consolidated Appropriations Act, 2021 Implementation Part 69...more
If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer...more
As recent high-profile litigation, government investigations, and large-scale data-security incidents have shown, organizations are often thrust into crisis mode, requiring rapid responses and close collaboration with third...more
In the ever-evolving world of cybersecurity, even organizations that meet stringent security standards can be victims of sophisticated cyberattacks. A notable example of this is the December 8, 2024 cybersecurity incident...more
Introduction and Background - On 5 December 2024, as part of the Monetary Authority of Singapore’s (MAS) incremental efforts to ensure responsible use of artificial intelligence (AI) in Singapore’s financial sector, MAS...more
When a customer purchases software-as-a-service (SaaS)–which is sometimes called a “cloud” service or product–the software is not hosted. It does not reside at the customer’s location or data center. Rather the software is...more
Missouri AG Andrew Bailey is issuing a regulation requiring social media companies to offer algorithmic choice for users in the state. Under the rule, it will be an unfair, deceptive, or fraudulent practice under the Missouri...more
Despite some favorable rulings, lawsuits alleging California Invasion of Privacy Act (“CIPA”) claims against companies that use third-party tracking technology to collect consumer data on their websites show no signs of...more
The New Jersey privacy statute – “Daniel’s Law” – has been in full effect for only a little more than a year now, but New Jersey courts have already been inundated with a wave of lawsuits. In February 2024 alone, more than...more
In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more
Readers of this blog may recall a recent favorable decision handed down by Massachusetts State’s highest court in which it found that Massachusetts Wiretap Act claims (“MWA”) do not extend to consumer interactions with...more
Bermuda is a British Overseas Territory. The modern legal system of Bermuda is established by the Bermuda Constitution Order 1968, an Order in Council of the United Kingdom that established the Supreme Court as the primary...more
The Hong Kong Securities and Futures Commission (SFC) has issued a circular that sets forth comprehensive guidelines and expectations for licensed corporations (LCs) regarding the responsible use of generative artificial...more
Perkins Coie’s Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA...more
Keypoint: California district courts continue to split over whether “knowledge” is required to plead liability under Section 631(a)’s fourth prong while two decisions show courts taking different approaches to VPPA claims at...more
Keypoint: Courts have started to issue Pixel-based wiretapping decisions, the Seventh Circuit weighs in on when a manufacturer can be forced to pay arbitration fees, and three courts showed different approaches to dismissing...more