DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Over a year after his office’s last privacy enforcement action, on July 1, 2025, California Attorney General Rob Bonta (AG) announced a new California Consumer Privacy Act (CCPA) settlement with Healthline Media LLC...more
The past year has brought a number of federal appellate rulings under the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710, one of the statutes under which plaintiffs have been filing numerous claims in recent years...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
by Becky Achten New guidance from the Employee Benefits Security Administration (EBSA) affirms that both sides—retirement plans and welfare plans—must take steps to secure participant data from cybercrime. In 2021 the...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
On February 21, 2024, California Attorney General Rob Bonta ("Cal AG") announced that his office reached a settlement with DoorDash, the food delivery service company, for violating the California Consumer Privacy Act...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...more
Keypoint: The past two months have seen many courts dismiss privacy claims as judges appear to be more critical of plaintiffs’ theories while other judges have allowed cases to proceed past the motion to dismiss stage....more
Personal information from federal lawmakers and congressional staff members was available on the dark web following a breach of DC Health Link, the health insurance marketplace for Washington, D.C. In an internal memo sent to...more
With only four months left before most changes to the federal Standards for Safeguarding Customer Information (“Safeguards Rule”) – a component of the Gramm-Leach Bliley Act (“GLBA”) that provides for the protection of...more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
The Office of the Privacy Commissioner of Canada (OPC) recently released findings stemming from a customer complaint that Home Depot of Canada (Home Depot) had violated the Personal Information Protection and Electronic...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
In a revised opinion issued September 8, 2022, an en banc panel of the Eleventh Circuit Court of Appeals reversed last year’s controversial opinion which potentially spelled trouble for debt collectors utilizing third-party...more
Hackers have increasingly focused on third-party vendors as avenues to data held by associated businesses. On August 25, 2022, DoorDash announced that it had experienced a data breach which impacted the personal...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
Keypoint: The California Privacy Protection Agency issued a first set of draft regulations that contain a number of notable provisions but do not address all of the CPRA’s rulemaking topics....more
The latest update surrounding Hunstein v. Preferred Collection and Management Services, Inc., Case No. 19-14434 centers not on the Eleventh Circuit or the Hunstein decision itself but on the district courts nationwide that...more
Since 2018, a consistent stream of newly adopted privacy laws and other regulatory developments (such as GDPR, CCPA, Schrems II, and the new EU Standard Contractual Clauses) has required companies to make regular updates to...more
The Eleventh Circuit Court of Appeals has issued its ruling on the motion for rehearing in Hunstein v. Preferred Collection and Management Services, Inc., Case No. 19-14434 but most of the troublesome aspects of the Court’s...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and...more