We get Privacy for work — Episode 8: The Surge in Data Breach Lawsuits: Trends and Tactics
The Privacy Insider Podcast Episode 17: Security, Cyber-Intel, and a Sense of Humor with Nir Rothenberg of Rapyd
We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon Lipham of Maynard Nexsen
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Innovation in Compliance: The Critical Importance of Mobile Application Security: Insights from Subho Halder
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
Navigating the Maze: eDiscovery Essentials for Employers — Hiring to Firing Podcast
Top Healthcare Compliance Priorities for 2025
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
Episode 366 -- DOJ Issues Data Security Program Requirements
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
On September 9, 2025, China announced the landmark administrative penalty against Dior (Shanghai) over unlawful cross-border transfers of personal information, with the primary violation being the failure to satisfy the...more
In a move to further bolster data privacy, China’s State Administration for Market Regulation and the Standardization Administration of China jointly issued a national standard, GB/T 45574-2025, Data Security Technology –...more
Welcome to QuickHits! A concise newsletter that covers current cases, recent hot topics, and/or pressing questions pertaining to the rapidly evolving U.S.-China relationship and related legal and commercial environments....more
This monthly report outlines key developments in China’s data protection sector for August. The following events merit special attention: CAC Summons NVIDIA Over Cybersecurity Concerns Related to H20 Chip: On July 31, CAC...more
The Department of Justice’s (“DOJ”) Data Security Program (“the Program”, 28 C.F.R. Part 202) went into effect on April 8 with a 90-day period of limited enforcement. With DOJ now expecting full compliance, with additional...more
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
This monthly report outlines key developments in China’s data protection sector for July. The following events merit special attention: CAC Issues Third Edition of the Data Export Security Assessment Application Guide: On...more
On July 9, 2025, the Department of Justice (“DOJ”) commenced enforcement of its new Data Security Program (“DSP”) to prevent foreign adversaries from accessing sensitive U.S. data. Created earlier this year, the program seeks...more
On April 8, 2025, the US Department of Justice’s National Security Division’s final rule regulating sensitive data about US persons came into effect. DOJ also announced a 90-day grace period on enforcement. At a moment of...more
On July 8, the DOJ’s National Security Division (NSD) will begin enforcing its Data Security Program according to a notice from April titled “Data Security Program Implementation and Enforcement Policy” which outlined the...more
The US Department of Justice’s (DOJ’s) final rule implementing Executive Order (EO) 14117, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern went...more
The U.S. Department of Justice (DOJ) is set to enforce its sweeping new rule on certain U.S. data transactions with countries of concern and covered persons as of July 9, 2025. The new rule regarding “Preventing Access to...more
The Department of Justice’s (DOJ) 90-day grace period for compliance with the Data Security Program (DSP) ends on July 8, 2025, and enforcement is expected to begin. This regulatory regime was created for national security...more
China’s primary data regulator, the Cyberspace Administration of China (CAC), released two sets of Q&As with respect to exporting data from China, one in April and one in May. The questions were selected from those raised...more
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) bulk sensitive data rule (rule), which prohibits individuals or entities from certain foreign countries, including China, from accessing...more
On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of...more
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
China rolled out its “new,” streamlined cross-border data transfer (CBDT) regime on March 22, 2024, with the issuance by the Cyberspace Administration of China (CAC) of the Provisions on Facilitating and Regulating...more
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services. Laws/Regulations/National Standards directly regulating AI (the "AI Regulations") The Cyberspace...more
U.S. organizations should carefully review and ensure their privacy and cybersecurity practices comply with a wide-ranging new federal rule establishing data transfer restrictions regarding sensitive U.S. personal data. The...more
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
On January 8, 2025, the U.S. Department of Justice (“DOJ”) issued its final rule to implement Executive Order 14117 aimed at preventing access to Americans' bulk sensitive personal data and government-related data by...more
In a Press Release issued April 11, 2025, the U.S. Department of Justice (“DOJ”) indicated that it would prioritize “facilitating compliance” over civil enforcement actions for the first 90 days of its new US-China data...more
A new U.S. federal rule restricts bulk sharing of sensitive personal information and governmental information with certain countries, for some key industries. In December 2024, the Department of Justice issued a comprehensive...more
The cross-border transfer of personal information (hereinafter referred to as “PI,” and such transfers as “PI export”) is a routine and often essential part of business operations for companies in China—particularly...more