When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some...more
On Sept. 13, the Colorado Attorney General’s Office proposed amendments to the Colorado Privacy Act (CPA) affecting biometric data, children's privacy, and opinion letters....more
On September 4, 2024, the California Privacy Protection Agency ("CPPA") announced that it issued an Enforcement Advisory ("Advisory") providing guidance on how to avoid using prohibited "Dark Patterns" to obtain consent from...more
In today's business landscape, cloud computing is an essential component for scalability, cost-efficiency, and operational agility. However, as dependence on cloud services grows, disputes are becoming increasingly frequent....more
Summer days are over and it’s time to hit the books. State legislatures were just as busy in 2024 as they were in 2023 making up for the U.S. Congress’s inability to pass a comprehensive privacy law....more
Hospitality and tourism is a broad and varied industry that can encompass hotels, restaurants, bars, casinos, theme parks, wineries, breweries, distilleries and more. While these businesses all have very different methods of...more
Do you know what cookies your company’s website is using? If not, you likely do not know whether your company’s website is honoring users’ data protection choices involving the use of cookies. You should know and care so your...more
Data Resilience Masterclass: Navigating the Risks of the Digital Age - Data Risk and Resilience is a critical topic for modern businesses, especially within industries that handle vast amounts of sensitive information....more
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
In our recent webinar, It’s Time to Think About Data Mapping Differently, a poll revealed some interesting information: Nearly 50 percent of respondents house their data map in a spreadsheet. (Roughly 15 percent say they...more
On August 19, the FTC filed an amicus brief supporting a class of plaintiffs representing their minor children in a case alleging that an educational technology company unlawfully collected, used and sold the children’s data...more
On September 22, 2024, the fourth wave of amendments to Québec’s Act respecting the protection of personal information in the private sector(“Act”) will take effect. Arguably, the most important change it will introduce is...more
On August 30, 2024, the Federal Trade Commission announced that the Department of Justice filed a complaint upon notification and referral from the FTC against a surveillance camera company that allegedly failed to provide...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
Data Resilience Masterclass: Navigating the Risks of the Digital Age - Data Risk and Resilience is a critical topic for modern businesses, especially within industries that handle vast amounts of sensitive information. This...more
With organizations holding more and more data digitally, there is an increased need to ensure data remains accessible across the organization at any given time. To that end, many organizations use tools that synchronize the...more
Selected U.S. Privacy and Cyber Updates - New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws - On August 1, 2024, New York Attorney General Letitia James issued two advanced notices of proposed...more
Keypoint: The appellate court ruled that the California Age-Appropriate Design Code Act’s impact assessment provision is unconstitutional and remanded the case back to the trial court to consider the constitutionality of the...more
Multi-jurisdictional civil fraud matters often present multiple challenges that make the tracing and recovery of assets a complex, costly, and time-consuming investigative process. Making a fraud victim whole again requires...more
Las compañías que hacen negocios en México deben revisar las políticas y prácticas pertinentes para asegurarse de que se alinean al marco integral de privacidad de datos del país. Específicamente, querrá evaluar sus avisos de...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
A California federal court recently ruled that disclosure of certain data collected through website cookies that may qualify as health information could trigger a data breach under the California Consumer Privacy Act (CCPA) –...more
Sprawling. That’s one way to describe the nature of data and responsibilities in modern organizations. There’s a lot of personally identifiable information (PII) and sensitive data to track, and knowing what lives where so...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice. We invite you to share this resource with your colleagues and visit...more