Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
Congress Tries to Wrangle Cyber and Crypto Industries
Who are the decision makers at INTERPOL's CCF?
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
Oklahoma: Changing Data Privacy as We Know It?
Privacy Talk | The New Swiss Data Protection Act
Update on Global Data Privacy Regulations by John Jackson
Nota Bene Episode 93: Navigating the New Global Cybersecurity Compliance Landscape with Scott Giordano
Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some...more
Last month, the Federal Trade Commission (FTC) and U.S. Department of Justice (DOJ) jointly hosted a public meeting of the interagency “Strike Force on Unfair and Illegal Business Practices.” The meeting was a continuation of...more
Starting January 1, 2026, businesses operating in Rhode Island will need to comply with the Rhode Island Data Transparency and Privacy Protection Act, a mouthful of a law abbreviated as RIDTPPA. (Not exactly catchy, is it?)...more
The September Monthly Minute highlights the DOL’s extension of existing cybersecurity guidance to health and welfare plans and also addresses the new HIPAA reproductive health privacy rule....more
The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more
The Australian Government has today published a draft Bill outlining the next steps in Australia’s Privacy Act Review process. The changes to be implemented by the Privacy and Other Legislation Amendment Bill 2024 include...more
Website owners often struggle to design privacy policies that are not only comprehensive, but also comprehensible. The tension between these competing concerns was in sharp focus in a recent Ninth Circuit decision, Calhoun v....more
Do you know what cookies your company’s website is using? If not, you likely do not know whether your company’s website is honoring users’ data protection choices involving the use of cookies. You should know and care so your...more
The Centers for Medicare & Medicaid Services (CMS) and the Wisconsin Physicians Insurance Corporation have announced that 946,801 current Medicare recipients are being notified that their personal information may have been...more
Sharing personal data is necessary for most organisations, but it also entails certain data protection risks. Controllers who share personal data with others must, among other obligations, ensure that they comply with the...more
On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data. SB1223, which is likely to become law, defines “neural data” as “information that is...more
The one-year transition period granted to bring businesses’ activities into compliance with the Personal Data Protection Law of the Kingdom of Saudi Arabia is about to end on September 14, 2024. Given the law’s...more
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
August 20, 2024 signaled the end of the California Privacy Protection Agency’s (CPPA) Notice of Proposed Regulatory Action (NPRA) comment period for Senate Bill 362, also known as the Delete Act (the “Act”)....more
In our recent webinar, It’s Time to Think About Data Mapping Differently, a poll revealed some interesting information: Nearly 50 percent of respondents house their data map in a spreadsheet. (Roughly 15 percent say they...more
8/2/2024 – EU 2024/1689 – Europe Tries to Reign in AI - This week the EU regulation 2024/1689, “laying down harmonised rules on artificial intelligence” became effective. The European Artificial Intelligence Act will regulate...more
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
Why is there so much hype around quantum computing? What are the main threats that this technology will bring? And what opportunities can be harnessed from it? In this article, we share our key takeaways from our recent...more
The plaintiffs’ bar has added a new tool to its arsenal to target cookies, pixels, and similar online tracking tools and the businesses that use them: the California Song-Beverly Credit Card Act of 1971 (“Act”). This...more
I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
The Superintendence of Industry and Commerce (SIC) of Colombia issued External Circular No. 2 of 2024, establishing guidelines regarding personal data processed through artificial intelligence (AI) systems....more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more