When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
In today's business landscape, cloud computing is an essential component for scalability, cost-efficiency, and operational agility. However, as dependence on cloud services grows, disputes are becoming increasingly frequent....more
Sharing personal data is necessary for most organisations, but it also entails certain data protection risks. Controllers who share personal data with others must, among other obligations, ensure that they comply with the...more
Exactly one year from now, on September 12, 2025, the EU Data Act will enter into application. This new regulation provides harmonized rules on data access, switching cloud providers, and interoperability requirements across...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
On August 30, 2024, the Federal Trade Commission announced that the Department of Justice filed a complaint upon notification and referral from the FTC against a surveillance camera company that allegedly failed to provide...more
On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a...more
Leveraging 40,000 anonymous ethics hotline reports and expansive customer interviews, Syntrio’s latest analysis uncovers trends in misconduct, reporting, and more...more
Artificial Intelligence (“AI”) generated a tremendous amount of excitement in 2023 as businesses rushed to build use cases and deploy AI tools throughout their organizations. AI has evolved from a futuristic concept into a...more
The Network and Information Security 2 Directive (EU) 2022/2555 ("NIS2") entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining...more
Maintaining compliance is your job. But sometimes that job feels like a slog through the deepest jungle. More than 130 countries have some form of data privacy and protection law on the books. At the same time, 63% of...more
EU Regulation 2024/1689, also known as the Artificial Intelligence Act (AI Act), enters into force as of 1 August 2024. But when will it become applicable? The AI Act sets out a harmonized legal framework for the...more
The Brazilian Data Protection Authority (ANPD) has published its new regulation on the Data Protection Officer’s (DPO) role. A central figure in privacy governance, the DPO serves as the liaison between the data controller,...more
Have you ever considered the number of legal challenges that come with running a business in the digital era? Forbes predicts that the global e-commerce will surpass $6 trillion in 2024, meaning that there is no shortage of...more
On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
Did you know that according to The NY Times, about half of new businesses fail within the first five years? This reality underscores the critical importance of establishing a strong business plan and legal foundation from the...more
Minnesota has become the 19th state to pass a comprehensive data privacy law. On May 24, Governor Tim Walz signed into law the Minnesota Consumer Privacy Act (H.F. 4757) (the “MCPA”), which takes effect July 31, 2025....more
On May 31, 2024, Colorado enacted H.B. 24-1130, an amendment to the Colorado Privacy Act (CPA) regarding the use of biometric information (the “Biometric Amendment”). The Biometric Amendment, effective July 1, 2025, requires...more
For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United...more
With state privacy laws continuing to increase, will the federal American Privacy Rights Act be adopted? Over 18 states have now enacted comprehensive state privacy laws, three of which go into effect on July 1, 2024, in...more
On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P, the regulation that governs the treatment of nonpublic personal information about consumers by certain financial institutions....more
As artificial intelligence (AI) continues to advance rapidly, organizations of all types are seeking to deploy this powerful tool to increase the effectiveness and efficiency of their operations, improve service to their...more
Last month, the Securities and Exchange Commission (the SEC or the Commission) unanimously voted to adopt amendments to Regulation S-P (Reg S-P), which is the SEC’s regulation governing the treatment and safeguarding of...more
Class action lawsuits have been on a record-setting upward trend in recent years and they aren’t showing any signs of slowing. According to the Duane Morris Class Action Review 2024, settlement numbers reached unprecedented...more
Recent U.S. developments indicate a growing focus on regulating and investigating the data privacy practices of companies in the automotive sector. The Federal Trade Commission (FTC) recently highlighted in a blog post its...more
The Department of Justice ("DOJ") is wasting no time in implementing the new cyber-security Executive Order (the EO), signed on February 28, 2024. As explained in our April 2024 blog post, the EO aims to portect Americans’...more