When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Las compañías que hacen negocios en México deben revisar las políticas y prácticas pertinentes para asegurarse de que se alinean al marco integral de privacidad de datos del país. Específicamente, querrá evaluar sus avisos de...more
Companies doing business in Mexico should review relevant policies and practices to ensure they align with the country’s comprehensive data privacy framework. Specifically, you’ll want to assess your privacy notices, data...more
Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
We have received several requests for a list of the compliance policies that make sense for every multinational company. So, as a follow-up to our earlier two posts providing “twelve steps to international compliance” (see...more
Multinationals with employees in the People’s Republic of China (PRC) continue to confront a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
Following on the heels of the launch of the EU-U.S. Data Privacy Framework (DPF) this summer, the U.S. Department of Commerce has extended the DPF to cover transfers of personal data from the United Kingdom (UK) (and...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
As the only comprehensive, practical event of its kind in the Unites States, ACI is hosting the highly anticipated 5th Annual U.S.-China Trade Controls Conference, scheduled for October 12–13 in Washington, DC. Considering...more
With presidential assent granted on August 11, 2023, for India’s Digital Personal Data Protection Act, 2023 (“DPDA” or the “Act”), India joined the ranks of dozens of jurisdictions globally that have enacted comprehensive...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
Greece’s privacy protection authority recently announced it was fining Intellexa, an Israeli cyber tech company, EUR 50,000. The Hellenic Data Protection Authority (HDPA) imposed the fine as part of an investigation it...more
The EU’s General Data Protection Regulation (GDPR) regulates the transfer of personal data in the European Union. For many multinational employers, Standard Contractual Clauses (SCCs) offer the only practical means of...more
Last week, I discussed eDiscovery in the Asia Pacific (APAC) region in terms of what each country has in place from a rules and discovery standpoint. eDiscovery isn’t the only discipline where US-based bloggers like me tend...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
While everyone hoped that 2021 would be less tumultuous than 2020, it certainly did not turn out that way in the end. The same was true in the world of data privacy – with sweeping new data protection regulations and guidance...more
Join SCCE virtually for the 10th Annual ECEI - Can't attend the conference in-person? The European Compliance & Ethics Institute, 22-23 March 2022, allows you to hear from today’s compliance and ethics leaders on the...more
Join SCCE in Amsterdam for the 10th Annual ECEI - Want to learn more about the challenges facing the European and global compliance and ethics community? Join us for the 10th Annual European Compliance & Ethics...more
On October 21, 2021, the Department of Commerce’s Bureau of Industry and Security (BIS) published a long-awaited interim final rule that establishes controls on certain cybersecurity items designed to curtail exports of...more
Multinational pharmaceutical companies, by nature of their business, handle a great deal of data, often transferred across borders, whether based on research, clinical trial data, and employee personal data....more
When the DSL goes into effect on September 1, 2021, it will impose certain restrictions on a company's ability to transfer data out of China without the prior approval of Chinese authorities. One significant restriction is...more
We’re checking in with our Europe-based expert on the latest European updates and upcoming changes for the third quarter of 2021 including updates on Brexit, European Union (EU) data protection policies, block exemption...more
Since its passage almost three years ago, the California Consumer Privacy Act (“CCPA”) has offered California-based consumers certain rights over the personal information companies collect and process about them. While...more
The Cyberspace Administration of China (CAC) on May 12 issued the Draft Provisions on the Management of Automobile Data Security (Draft Provisions) for public comment through June 11. The Draft Provisions aim to regulate the...more
In April, the Chinese government issued a second version of the draft Personal Information Protection Law (Draft PIPL), which will impact global companies. Join us for a joint webinar as we discuss the key provisions of the...more