Data privacy risk is increasing in 2026, even as the pace of new legislation slows. While no new comprehensive state privacy laws were enacted in 2025, state regulators are shifting their focus to refining and enforcing the...more
1/13/2026
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Mitigation ,
State Attorneys General ,
State Privacy Laws
In 2024, the U.S. Department of Health and Human Services (HHS) issued final rules requiring sweeping updates to the privacy protections for substance use disorder (SUD) records created by an SUD program under 42 CFR Part 2...more
1/6/2026
/ Covered Entities ,
Department of Health and Human Services (HHS) ,
Drug & Alcohol Abuse ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Notice Requirements ,
Patient Privacy Rights ,
Privacy Laws ,
Privacy Notice Rule ,
Regulatory Requirements ,
Substance Abuse
As artificial intelligence (AI) and data-driven decision-making become central to business operations, companies face a rapidly evolving landscape of cybersecurity and data privacy risk. Yet, many existing cyber insurance...more
In a recent settlement with an accounting firm, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) reinforced its ongoing commitment to holding business associates accountable for the...more
9/3/2025
/ Business Associates ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Risk Assessment ,
Settlement
A recent high-profile breach at a women-focused dating app underscores how quickly a privacy misstep can escalate into lawsuits and reputational harm. The incident offers a cautionary tale for any company handling sensitive...more
8/19/2025
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Dating Services ,
Mobile Apps ,
Privacy Policy ,
Reputation Management ,
Risk Management ,
Sensitive Personal Information
Recently, the federal judiciary’s electronic case management system (CM/ECF) was compromised in a large-scale cyberattack. While the Administrative Office of U.S. Courts has publicly acknowledged the incident, its statement...more
Cyberattacks remain one of the most serious threats facing the healthcare industry. Healthcare providers and their vendors handle sensitive and valuable health data, making them prime targets for cybercriminals....more
The regulatory landscape for artificial intelligence is evolving rapidly, with significant changes emerging at international, national and state levels. Businesses operating in multiple jurisdictions must navigate these...more
As 2025 progresses, one thing is clear—GDPR enforcement is not slowing down. In fact, regulators across Europe are intensifying their scrutiny, handing out significant fines and even warning executives of potential personal...more
2/13/2025
/ C-Suite Executives ,
Corporate Liability ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Enforcement Actions ,
Enforcement Priorities ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personal Liability ,
Privacy Laws ,
Risk Management
As we step into 2025, data privacy laws in the United States are evolving rapidly. With eight new state privacy laws taking effect, businesses face an increasingly complex web of compliance obligations—even in states without...more