Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
The medical spa industry is thriving, but with growth comes complexity, particularly in New Jersey where healthcare and professional licensing rules intersect with business and real-estate regulations. For physicians, nurses,...more
On July 1, the U.S. Senate voted to fully remove the previously proposed ten-year moratorium on regulation of Artificial Intelligence by states (“AI Moratorium”), after the provision’s passage by the House. Despite a number...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
As data protection regulations evolve and employee rights awareness grows, organisations are seeing a significant uptick in Data Subject Access Requests (DSARs). Pursuant to Article 15 of the UK and EU General Data Protection...more
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
As surveillance technology becomes cheaper, more powerful, and more widely used, many companies want to monitor productivity through surveillance to protect confidential information and ensure compliance with company...more
Ontario’s Information and Privacy Commissioner (IPC) has released a new Privacy Management Handbook (Handbook) aimed at assisting small healthcare organizations to meet their privacy obligations under Ontario’s health...more
Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more
Are you storing sensitive data on a shared network drive? If so, your organization could be at serious risk of a data breach or privacy lawsuit. Shared drives, like the common “S:\ drive,” are often used to store documents,...more
Online retailers now face an increasingly complex matrix of state consumer-privacy statutes that impose prescriptive requirements on data collection, monetization, and cybersecurity practices. ...more
The intersection of privacy, cybersecurity, and AI is reshaping risk and regulation in fintech. In a recent episode of The Fintech and Blockchain Podcast, our team explored how fast-moving developments—from AI-powered...more
Working on the go has become a necessity for many, but it should never come at the expense of confidentiality. Julie Savarino explains....more
Pursuant to a newly effective U.S. Department of Justice (DOJ) regulation, the transfer and storage of certain sensitive U.S. government and personal data may be prohibited or restricted, depending on the intended recipient,...more
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
In the ongoing copyright infringement case brought by The New York Times against OpenAI and Microsoft (The New York Times Company v. Microsoft Corporation et al., Case No. 1:23-cv-11195 (S.D.N.Y.)), Judge Ona T. Wang recently...more
As mobile device applications continue to proliferate – magnified in no small part by the recent surge in artificial intelligence-related tools to facilitate creation of apps – they have become indispensable tools for...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
Negotiating a data processing agreement (DPA) is typically a necessary step when engaging vendors that handle personal data. However, these negotiations have become time consuming and complex, given the evolving privacy...more
Join Morrison Foerster’s global Privacy + Data Security Group for our masterclass webinar, “Caught in the Web: Untangling Challenges to Teen Online Safety Laws." We will break down the evolving legal landscape around teen...more
When we are retained by clients to guide them through a cyber-attack in which information has been stolen by a threat actor, we almost always find that the client has unnecessarily stored sensitive information far beyond the...more
During the 2024 legislative session, the Colorado General Assembly passed Senate Bill 24-205, which is known as the Colorado Artificial Intelligence Act (CAIA). This law will take effect on February 1, 2026, and requires...more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
Artificial intelligence (AI) is rapidly reshaping the digital health sector, driving advances in patient engagement, diagnostics, and operational efficiency. However, for Privacy Officers, AI’s integration into digital health...more
In Shah v. Capital One Financial Corporation, the Northern District of California handed down a ruling that may shape the trajectory of litigation involving tracking technologies, online privacy policies, and California’s...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more