As we explored in Part 1 of this series, AI-enabled smart glasses are rapidly evolving from niche wearables into powerful tools with broad workplace appeal — but their innovative capabilities bring equally significant legal...more
12/15/2025
/ Artificial Intelligence ,
Audio Recording ,
Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Emerging Technologies ,
Employee Monitoring ,
Invasion of Privacy ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Smart Devices ,
State Privacy Laws ,
Surveillance ,
Wearable Technology ,
Wiretapping
Following failed congressional attempts to limit state AI laws, on December 11, 2025, the President issued an Executive Order titled Ensuring a National Policy Framework for Artificial Intelligence. The Order represents...more
12/12/2025
/ Artificial Intelligence ,
Commerce Clause ,
Constitutional Challenges ,
Department of Justice (DOJ) ,
Executive Orders ,
FCC ,
Federal Funding ,
Federal Trade Commission (FTC) ,
First Amendment ,
Interstate Commerce ,
Preemption ,
Regulatory Oversight ,
Regulatory Reform ,
State and Local Government ,
Trump Administration ,
Unconstitutional Condition
Smart glasses with AI capabilities have evolved from futuristic concept to everyday reality. The market exploded in 2024, with global smart glasses shipments surging 210% year-over-year, driven primarily by Meta’s Ray-Ban...more
12/10/2025
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Smart Devices ,
State Privacy Laws
When Royal Cornwall Hospital responded to a routine Freedom of Information request in 2023, they had no idea they were about to expose sensitive staff data to the public. The hospital recently apologized after discovering...more
12/9/2025
/ Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Electronically Stored Information ,
Employee Privacy Rights ,
FOIA ,
Freedom of Information ,
Hospitals ,
Information Governance ,
Metadata ,
Personal Data ,
Policies and Procedures ,
Risk Management ,
Sensitive Personal Information ,
Training Requirements
After years of development and extensive stakeholder engagement, California has finalized groundbreaking cybersecurity audit regulations under the California Consumer Privacy Act (CCPA). These new requirements may...more
12/8/2025
/ Audits ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
New Regulations ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
Sensitive Personal Information
Although it is tempting to rush to implement the newest AI tools, taking inventory of what tools your organization uses, which laws you are subject to and which obligations flow from those laws are all critical steps to...more
In the event of the disclosure of business trade secrets, organizations are often so overwhelmed that they overlook potential data breach notification requirements. The potential exposure of trade secrets is increasingly...more
As artificial intelligence (AI), particularly generative AI, becomes increasingly woven into our professional and personal lives—from personalized travel itineraries to reviewing resumes to summarizing investigation notes and...more
11/25/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
New Regulations ,
Opt-Outs ,
Personal Information ,
Regulatory Requirements ,
State Data Privacy Laws ,
State Privacy Laws ,
Transparency
The lengthy and complex “Bulk Data Transfer Rule,” more formally known as the “Rule Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” may apply to...more
10/28/2025
/ Compliance ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
International Data Transfers ,
National Security ,
New Regulations ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
Leaders charged with safeguarding data privacy and cybersecurity often assume that size equates to security—that large, well-resourced organizations must have airtight defenses against cyberattacks and data breaches. It’s a...more
10/22/2025
/ Contract Terms ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Due Diligence ,
Incident Response Plans ,
NYDFS ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Third-Party Risk ,
Third-Party Service Provider ,
Vendors
If you have not reviewed the recently approved, updated CCPA regulations, you might want to soon. There are several new requirements, along with many modifications and clarifications to existing rules. In this post, we...more
10/15/2025
/ Biometric Information ,
California ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Dashcams ,
Data Privacy ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Sensitive Personal Information ,
State Privacy Laws
As we discussed in Part 1 of this post, the California Privacy Protection Agency (CPPA) has approved significant updates to California Consumer Privacy Act (CCPA) regulations, which were formally approved by the California...more
10/14/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Data Privacy ,
Data Protection ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
Sensitive Personal Information ,
State Privacy Laws
The California Privacy Protection Agency (CPPA) has adopted significant updates to the California Consumer Privacy Act (CCPA) regulations, which were formally approved by the California Office of Administrative Law on...more
10/13/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
New Regulations ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Sensitive Personal Information ,
State Privacy Laws
Lured by the promise of better productivity and compliance with company policies, employee monitoring tools are gaining a lot of traction among employers.
On this episode of We get Privacy for work, we discuss the...more
According to Cybersecurity Dive, artificial intelligence is no longer experimental technology as more than 70% of S&P 500 companies now identify AI as a material risk in their public disclosures, according to a recent report...more
10/9/2025
/ Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Privacy Concerns ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Regulatory Requirements ,
Reputation Management ,
Risk Assessment ,
Risk Management
Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney...more
10/7/2025
/ California ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Incident Response Plans ,
New Legislation ,
Notice Requirements ,
Notification Requirements ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
State Data Breach Notification Statutes
Businesses across many industries naturally want to showcase their satisfied customers. Whether it’s a university featuring successful graduates, a retailer highlighting happy shoppers, or a healthcare facility showcasing...more
10/6/2025
/ Breach Notification Rule ,
Consent ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Marketing ,
Nursing Homes ,
OCR ,
Patient Privacy Rights ,
PHI ,
Social Media ,
State Privacy Laws
Recently, California’s Governor signed Assembly Bill (AB) 45, which builds on existing California laws, such as the Confidentiality of Medical Information Act, seeking to protect individuals seeking certain healthcare...more
9/30/2025
/ Business Associates ,
California ,
Data Collection ,
Data Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Location Data ,
New Legislation ,
Penalties ,
Personal Information ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Privacy Laws
From timekeeping technologies to dash cams, the Illinois Biometric Information Privacy Act (BIPA) is now being used to challenge a number and variety of time-saving programs and tools.
On this episode of We get Privacy for...more
On September 17, 2025, the Florida Agency for Health Care Administration (AHCA) will hold its first public meeting to discuss proposed rules designed to enhance transparency and preparedness around health care information...more
9/8/2025
/ Business Continuity Plans ,
Cybersecurity ,
Data Breach ,
Florida ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Incident Response Plans ,
Medicaid ,
Proposed Rules ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
The rapid adoption of AI notetaking and transcription tools has transformed how organizations (and individuals) capture, analyze, and share meeting and other content. But as these technologies expand, so too do the legal and...more
8/29/2025
/ Artificial Intelligence ,
California ,
CIPA ,
Class Action ,
Computer Fraud and Abuse Act (CFAA) ,
Consent ,
Data Privacy ,
Data Use Policies ,
ECPA ,
Privacy Laws ,
State Privacy Laws ,
Third-Party Service Provider ,
Vendors
On August 18, 2025, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with BST & Co. CPAs, LLP (BST). The announcement continues OCR’s escalating enforcement of the HIPAA...more
8/19/2025
/ Business Associates ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
PHI ,
Ransomware ,
Risk Assessment ,
Risk Management
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
8/14/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Security ,
Policies and Procedures ,
Privacy Policy ,
Ransomware ,
Risk Management ,
WISP
On July 1, 2025, California Attorney General Rob Bonta announced the largest CCPA settlement to date, which included a $1.55 million penalty against Healthline Media LLC. This settlement sends a clear message to businesses...more
8/6/2025
/ Advertising ,
California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookies ,
Data-Sharing ,
Enforcement ,
Enforcement Actions ,
Opt-Outs ,
Sensitive Personal Information ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Third-Party Service Provider ,
Web Tracking
On May 1, 2025, the California Privacy Protection Agency (CPPA) issued a Final Order in one of its first public enforcement actions under the California Consumer Privacy Act (CCPA), imposing a fine of nearly $350,000 on the...more