Oklahoma will soon join 19 other states and add to the patchwork of consumer privacy laws that multistate employers have to navigate beginning January 1, 2027. Governor Kevin Stitt signed the Oklahoma Consumer Data Privacy...more
4/3/2026
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Incident Response Plans ,
Multistate Employers ,
New Legislation ,
Notice Requirements ,
Personal Data ,
Popular ,
State Privacy Laws
The White House recently published two documents to outline how the US plans to lead the world in cybersecurity while protecting Americans from cybercrime. Combined, the Cyber Strategy for America and the Executive Order on...more
3/19/2026
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
National Security ,
Regulatory Reform
Are you a business with a self-insured group health plan? Did you know that it could make part of your business subject to HIPAA? Employers that sponsor self-insured group health plans are subject to complex compliance rules...more
3/3/2026
/ Business Associates ,
Business Associates Agreement (BAA) ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
PHI ,
Self-Insured Health Plans
A recent Gallup poll shows that only 31% of employees feel actively engaged at work, with the majority of workers voicing concerns about whether their supervisor cares about them as a person, their lack of opportunity to...more
A new law about to take effect in Texas will force any company that either distributes software applications or develops apps to jump through safety-related hoops in an effort to protect minors. As of January 1, 2026, the App...more
11/24/2025
/ App Developers ,
App Store ,
Minors ,
Mobile Apps ,
New Legislation ,
Online Safety for Children ,
Parental Consent ,
Private Right of Action ,
Software ,
Software Developers ,
Technology Sector ,
Texas
The New York Department of Financial Services (NYDFS) just sent a stark reminder to covered entities (which includes financial institutions, insurance companies, and any other businesses regulated by the NYDFS) that they are...more
10/24/2025
/ Best Practices ,
Contract Termination ,
Contract Terms ,
Covered Entities ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Due Diligence ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management ,
Third-Party Risk ,
Third-Party Service Provider
The FTC just announced a $7.5 million settlement with an educational technology company over its unlawful cancellation practices, sending a warning to all businesses that offer subscription-based offerings. Even though a...more
Starting November 10, federal contractors that perform work with the Department of Defense will need to ensure they comply with a new cybersecurity framework. The Department of Defense (DoD) just amended the Defense Federal...more
9/15/2025
/ Best Practices ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Mapping ,
Data Protection ,
Data Security ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
National Security ,
NIST ,
Risk Assessment ,
Subcontractors
Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher...more
9/10/2025
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Enforcement Actions ,
Fines ,
Identity Theft ,
Incident Response Plans ,
Notice Requirements ,
Pending Legislation ,
Personal Information ,
Personally Identifiable Information ,
Privacy Policy
Businesses should be aware of recent public outreach in California – and other states with consumer privacy laws – signaling that increased enforcement activity is on the horizon. For instance, the California Privacy...more
7/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Covered Business ,
Data Privacy ,
Data Selling ,
Data-Sharing ,
Opt-Outs ,
Personal Data ,
Personal Information ,
State Privacy Laws ,
Website Owner Liability ,
Websites
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
7/18/2025
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Insurance ,
Incident Response Plans ,
Information Security ,
Insurance Industry ,
National Association of Insurance Commissioners ,
New Legislation ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Regulatory Authority ,
Reporting Requirements ,
Security Risk Assessments ,
State Data Breach Notification Statutes ,
Third-Party Risk ,
Third-Party Service Provider
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
7/18/2025
/ Artificial Intelligence ,
Comment Period ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Use Policies ,
Disclosure Requirements ,
Duty of Care ,
Impact Assessments ,
New Jersey ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Sensitive Personal Information
California may likely soon join the growing list of states to require data breach notifications to be required within a certain amount of time – in this case, 30 calendar days. In recent years, many states have moved to...more
The SEC’s amended Regulation S-P, adopted last year, will soon enhance data privacy protections for broker-dealers, investment companies, registered investment advisors, and transfer agents. The updated rule requires these...more
6/30/2025
/ Amended Regulation ,
Broker-Dealer ,
Consumer Information ,
Corporate Counsel ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Disposal Protocols ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Deadlines ,
Due Diligence ,
Financial Institutions ,
Incident Response Plans ,
Investment Companies ,
Notice Requirements ,
Policies and Procedures ,
Popular ,
Registered Investment Advisors ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Transfer Agents
Businesses should be aware of growing security risks from North Korean IT workers targeting freelance contracts from businesses in the U.S. and other countries. Typically, these workers fraudulently claim they are from the US...more
5/15/2025
/ Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Economic Sanctions ,
Foreign Workers ,
Fraud ,
Freelance Workers ,
Hiring & Firing ,
Independent Contractors ,
Information Technology ,
North Korea ,
Popular ,
Risk Mitigation ,
Scams
When PowerSchool announced in January that it fell victim to a massive data breach at the end of 2024, it assured the thousands of schools and over 50 million students who use the education software that the matter had been...more