When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how...more
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
On May 2 2024, the Dutch data protection supervisory authority (the Dutch DPA) published guidance on the processing of personal data when using facial recognition....more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
In response to the number of successful, large-scale ransomware attacks affecting healthcare organizations nearly tripling since 2018, the Department of Health and Human Services (HHS) has released guidance outlining its...more
During 2023, privacy protection and artificial intelligence regulation continued apace and their implications continued to be a major focus in Israel and around the world. In Israel, this was reflected in a number of...more
The European Data Protection Board (EDPB), a board comprised primarily of representatives of the data protection supervisory authorities of the European Union’s member states, issued surprising new guidance in mid-November...more
With the pensions industry having direct experience of recent cyber security incidents, the Pensions Regulator (TPR) has updated its guidance for trustees in this area. As a reminder, this year saw Capita suffer a cyber...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
On October 18, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”), which is tasked with enforcing the Health Insurance Portability and Accountability Act (“HIPAA”), issued two new...more
Welcome to your weekly update from the Allen & Overy Pensions team, covering all the latest legal and regulatory developments in the world of workplace pensions. This week we cover the following topics: HMRC Pensions Tax...more
United States: The Administration and Congress are taking initial steps to produce legislation to regulate AI and using interim measures, such as the White House’s recently announced voluntary agreement with seven prominent...more
The Securities and Exchange Commission (SEC) finalized cybersecurity rules this week for public companies centered on disclosure requirements for material cybersecurity incidents, as well as periodic reporting regarding...more
On June 30, 2023, the Washington Attorney General (AG) published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act (MHMDA). As we discussed previously, the MHMDA will impose new requirements...more
Chinese government data privacy officials recently implemented Guidelines for Filing of Standard Contracts for Export of Personal Information that carry significant consequences for non-compliance – which means organizations...more
On May 30, 2023, the Cyberspace Administration of China ("CAC") issued the "Guidance on Filing the Standard Contract for the Cross-Border Transfer of Personal Information" ("Guidance"), which took effect on June 1, 2023....more
The Israeli Privacy Protection Authority’s (PPA) recently published position on the monitoring of employees working remotely presents new guidelines and recommendations for employers that are building a system to perform such...more
A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into...more
On March 8, the Department of Health and Human Services (HHS) released a cybersecurity implementation guide to assist public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework...more
Today, after months of rumors regarding its release and contents, the White House issued its National Cybersecurity Strategy “to secure the full benefits of a safe and secure digital ecosystem.” The full strategy is 39 pages...more
The Cybersecurity Administration of China (the "CAC") has published guidelines concerning outbound data transfers of personal information and "important data" from China to other jurisdictions. Businesses must comply with...more
The guidance outlines steps that organizations should take to enhance data security as hybrid working and learning introduce new risks. On August 30, 2022, the Office of the Privacy Commissioner for Personal Data of Hong...more
The European Data Protection Board (“EDPB”) on June 15, 2022 issued a final decision in a rare exercise of its authority under Article 65 GDPR to resolve cross-border disputes between different data protection supervisory...more
The FBI and CISA recently issued a Cybersecurity Alert entitled “#StopRansomware: Zeppelin Ransomware” providing an alert to organizations about the proliferation of Zeppelin ransomware attacks and information on the...more
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth...more