Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency’s Artificial Intelligence Security Center (NSA AISC), and the FBI have issued new AI data security guidelines. These new guidelines are aimed...more
The Measures outline requirements and procedures for self-initiated and regulator-mandated compliance audits from May 1, 2025....more
State attorneys general across the U.S. took bold steps in 2024 to address unlawful activities by corporations in several areas, including privacy and data security, financial transparency, children’s internet safety, and...more
On April 8, the National Security Division of the U.S. Department of Justice’s (DOJ) new rule on cross-border data transfers takes effect. It restricts U.S. businesses from transferring certain bulk sensitive personal data to...more
In 2024, state attorneys general (State AGs) focused on a broad variety of areas and industries including, in particular, emerging industries such as artificial intelligence (AI) and privacy and social media protections....more
Malaysia issued a regulatory guideline for data breach notification in February 2025. This article discusses how the new regulation affects businesses in Malaysia. On 25 February 2025, Malaysia's Personal Data Protection...more
Generative AI is incredibly popular. So popular that many GenAI tools now have browser extensions that work across all open pages of the browsers upon which they are installed. They helpfully summarize pages, highlight...more
The growing prevalence of data breaches has led to an uptick in class action litigation based on consumers' personal information allegedly being accessed. A common theme emerging in these lawsuits is plaintiffs claiming that...more
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our...more
Publications & Advisories - January 31, 2025 – Kathleen Benway, Maki DePalo, Jennifer Everett, and Hyun Jai Oh published “Privacy, Cyber & Data Strategy Advisory | FTC Finalizes Amendments to COPPA Rule.”...more
New York, Texas, and Virginia are the first states to ban DeepSeek, the Chinese-owned generative artificial intelligence (AI) application, on state-owned devices and networks....more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates...more
India just released a landmark draft of new rules to refine and implement the Digital Personal Data Protection Act (DPDP Act) – which is India’s first comprehensive data privacy legislation regulating digital personal data...more
Each year, Data Privacy Week offers an opportunity for companies and professionals to revisit the fundamentals of data privacy. This year, we are celebrating Data Privacy Week, which runs through January 31, by releasing a...more
Companies continue to face a patchwork of state data privacy laws, federal agencies targeted companies' collection of sensitive consumer information, and a handful of states passed artificial intelligence-related regulation...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
In a groundbreaking enforcement action, Texas Attorney General Ken Paxton has filed a lawsuit against Allstate Corporation and its subsidiary Arity, alleging systematic violations of the Texas Data Privacy and Security Act...more
Overall, the Report recognized the complex interplay between AI advancement and privacy/security concerns, advocating for a balanced approach that promotes innovation while protecting individual rights and national interests....more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Four years after the Brazilian General Data Protection Law (LGPD) came into force, Brazil’s Superior Court of Justice (STJ) recently issued a list of precedents exploring how the court applied the law and addressed the...more
The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
Governor Gavin Newsom has vetoed SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, marking a significant development in California’s approach to AI regulation. Both the tech industry and...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal...more