When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
The Swiss Federal Council has added the U.S. to the list of countries with an adequate level of data protection. Effective September 15, 2024, U.S. organizations that certify to the Swiss–U.S. Data Privacy Framework (DPF) can...more
Maretta Morovitz is the Engage Lead at MITRE, where she simplifies the planning of adversary engagement for cyber defenders. Maretta likens her cyber defense work to the movie Home Alone, setting a series of traps for the...more
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
The Department of Justice ("DOJ") is wasting no time in implementing the new cyber-security Executive Order (the EO), signed on February 28, 2024. As explained in our April 2024 blog post, the EO aims to portect Americans’...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more
Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on...more
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
Learning Objectives - Data privacy compliance requires the use of privacy impact assessments and data transfer assessments - What about the value of other assessments like privacy by design, online safety, AI risk,...more
On September 7, 2023, the Saudi Authority for Data and Artificial Intelligence (SDAIA) issued the Implementing Regulations of the Personal Data Protection Law (the Implementing Regulations) and the Regulations on Personal...more
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
Updated June 2023 - The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...more
On April 25, 2023, the state-backed Guiyang Big Data Exchange (GYDE) announced that it has facilitated and supervised the unprecedented floor trading of personal data in China. To date, no provisions have been put in place to...more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...more
The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more
In our previous posts, we discussed what data export activities are subject to scrutiny assessment (CAC Assessment) conducted by the Cyberspace Administration of China (CAC) (see Part 1) and examined what companies must do...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
In a recent alert, we painted the big picture of the security assessment conducted by the Cyberspace Administration of China (CAC) to data exporting activities from China (CAC Assessment), highlighting what data export...more
With the rapid development of the global digital economy, multinational companies (MNCs) have been forced to find legally compliant ways to transfer data across borders. In the past, many MNCs relied on data transfer...more
Key Points - President Biden has signed the long-awaited executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework—a historic step in respect of...more
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
Do you use Google Analytics? Do you tell consumers that you do not sell personal information? If you answered yes to both of those questions, then this alert is for you! The California attorney general recently took the...more
On July 7, 2022, the Cyberspace Administration of China (“CAC”) released the Security Assessment Measures of Cross-border Data Transfer ( the “Measures”) which will be effective from September 1, 2022. Previously on October...more