Following failed congressional attempts to limit state AI laws, on December 11, 2025, the President issued an Executive Order titled Ensuring a National Policy Framework for Artificial Intelligence. The Order represents...more
12/12/2025
/ Artificial Intelligence ,
Commerce Clause ,
Constitutional Challenges ,
Department of Justice (DOJ) ,
Executive Orders ,
FCC ,
Federal Funding ,
Federal Trade Commission (FTC) ,
First Amendment ,
Interstate Commerce ,
Preemption ,
Regulatory Oversight ,
Regulatory Reform ,
State and Local Government ,
Trump Administration ,
Unconstitutional Condition
In the event of the disclosure of business trade secrets, organizations are often so overwhelmed that they overlook potential data breach notification requirements. The potential exposure of trade secrets is increasingly...more
The complexities of California employment law begin not when an employer extends an offer, but as soon as they decide to post a job opening. Employers should ensure compliance with California’s job posting and hiring...more
11/25/2025
/ Anti-Discrimination Policies ,
Background Checks ,
California ,
California Consumer Privacy Act (CCPA) ,
Criminal Background Checks ,
Data Privacy ,
Employment Discrimination ,
Employment Policies ,
Fair Chance Act ,
Hiring & Firing ,
Job Ads ,
New Legislation ,
Pay Transparency ,
Recruitment Policies ,
Regulatory Requirements ,
State Labor Laws ,
State Privacy Laws ,
Wage and Hour
Oftentimes, organizations view training simply as another obligation; however, tailored and hands-on privacy and cybersecurity training are essential to safeguard data and ensure operations run smoothly in the event of a...more
The lengthy and complex “Bulk Data Transfer Rule,” more formally known as the “Rule Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” may apply to...more
10/28/2025
/ Compliance ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
International Data Transfers ,
National Security ,
New Regulations ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
Lured by the promise of better productivity and compliance with company policies, employee monitoring tools are gaining a lot of traction among employers.
On this episode of We get Privacy for work, we discuss the...more
From timekeeping technologies to dash cams, the Illinois Biometric Information Privacy Act (BIPA) is now being used to challenge a number and variety of time-saving programs and tools.
On this episode of We get Privacy for...more
Class action lawsuits in response to data breaches have skyrocketed as plaintiffs look to take advantage of courts’ perceived leniency regarding standing. ...more
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
8/14/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Security ,
Policies and Procedures ,
Privacy Policy ,
Ransomware ,
Risk Management ,
WISP
To say mergers and acquisitions present significant risk is an understatement; however, additional vulnerabilities are being exposed as bad actors threaten to exploit privacy and data security leaks during the transition. ...more
7/24/2025
/ Acquisitions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Merger Agreements ,
Mergers ,
Personal Data ,
Risk Management
Remote work has given employers and employees pathbreaking flexibility, but it has also raised a host of data and employee privacy concerns....more
When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just...more
5/28/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Attorneys General ,
State Privacy Laws
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel...more
1/29/2025
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Dashcams ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Monitoring ,
Employee Privacy Rights ,
Equal Employment Opportunity Commission (EEOC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Third-Party Service Provider ,
Wearable Technology
Organizations across the spectrum rely heavily on website tracking technologies to understand user behavior, enhance customer experience, and drive growth. The convenience and insights these technologies offer come with a...more
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more
Maryland’s governor recently signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland one of six states—along with Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island—to pass a comprehensive...more
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more
7/16/2024
/ Biometric Information ,
Covered Entities ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Incident Response Plans ,
Notification Requirements ,
Regulation S-P ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Telecommunications
With the Texas Data Privacy and Security Act (TDPSA) on the verge of taking effect on July 1, 2024, the State’s Attorney General, Ken Paxton, recently launched an initiative for “aggressive enforcement of Texas privacy laws.”...more
In what is being called the American Privacy Rights Act (Act), some are suggesting this could be the one! For many years, Congress has been unable to come together to craft a national privacy law. There have been several...more
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
Real estate businesses frequently operate multiple websites. These may include corporate websites, websites for each of their properties, and websites for their apps and ancillary service offerings. To maximize the...more
1/26/2024
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Marketing ,
Privacy Laws ,
Real Estate Companies ,
Technology ,
Video Privacy ,
VPPA ,
Web Tracking ,
Websites ,
Wiretapping
In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”). The...more
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents....more
The New York Department of Financial Services (DFS) has been increasingly active in enforcing the rigorous cybersecurity requirements imposed on “covered entities” under 11 NYCRR Part 500 (Reg 500). DFS has published an...more