When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
On August 30, 2024, the Federal Trade Commission announced that the Department of Justice filed a complaint upon notification and referral from the FTC against a surveillance camera company that allegedly failed to provide...more
Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more
On October 25, 2023, New York Governor Kathy Hochul signed into law a bill (the “Act”) banning the sale of over-the-counter weight loss and muscle building supplements to children under the age of 18. This Act is the first...more
On October 10, Governor Gavin Newsom signed into law California’s most recent foray into the world of consumer data privacy: the Delete Act. Targeting so-called data brokers, the Act expands on regulations already in place...more
After a COVID-19-related delay, on June 27, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a long-awaited final rule that establishes monetary penalties for violations of health...more
For the first time since it became law on Aug. 25, 2009, the Federal Trade Commission (“FTC”) has taken enforcement action under 16 C.F.R. § 318, also known as the Health Breach Notification Rule, with a $1.5 million civil...more
The European Court of Justice (ECJ) will soon decide whether European data protection authorities will in future be able to impose fines on companies more easily under Art. 83 GDPR. This decision may have a major influence...more
The Consumer Privacy Rights Act (CPRA), which amended the California Consumer Privacy Act (CCPA), becomes fully effective on January 1, 2023. Businesses should review the new law and recent enforcement actions before the law...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
The Federal Trade Commission (FTC) recently settled with Weight Watchers (WW) and its subsidiary Kurbo for alleged violations of the Children’s Online Privacy Protection Act (COPPA). COPPA requires websites, apps and other...more
Two major U.S. financial institutions, Morgan Stanley and Capital One, recently agreed to resolve separate class action lawsuits by paying, in the aggregate, hundreds of millions of dollars in compensation for massive data...more
On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS...more
The New York Department of Financial Services (NYDFS) has settled alleged violations of the Department’s strict cybersecurity regulations with National Securities Corp. (NSC) for $3 million, over four separate cybersecurity...more
On March 2, 2021, the Commonwealth of Virginia enacted the Virginia Consumer Data Protection Act (VCDPA). The new law makes Virginia the second state in the United States to enact a comprehensive data privacy regime,...more
Virginia Governor Ralph Northam signed the Consumer Data Protection Act (the “Act”) on March 2, 2021. The following are answers to some frequently asked questions about the Act and its impact on organizations doing business...more
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk. In her...more
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
In the midst of the COVID-19 pandemic, the Office of the National Coordinator for Health Information Technology (ONC) published the final Information Blocking Rule. This rule is widely seen as a game-changer that will have...more
On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). Reg...more
Q1/ Applicable legislation (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $1.6 million civil money penalty (CMP) against the Texas Health and Human Services Commission, Department of Aging and Disability...more
Every year, the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services, Office for Civil Rights (OCR) jointly sponsor a conference to “address the dynamic and challenging...more
A draft law proposed in Russia would introduce severe monetary fines for noncompliance with Russia’s data protection law, including the data localization requirement, and violations of various internet activity laws. ...more
The U.S. Department of Health and Human Services recently released a notice of enforcement discretion announcing changes in how the agency will assess civil monetary penalties for violations of the Health Insurance...more
I am hardly saying that SEC Regulation S-P is the sexiest of regulations. I mean, has any customer in history actually read one of those exciting statement stuffers that discloses in some dense font a BD’s privacy policy?...more