Oklahoma will soon join 19 other states and add to the patchwork of consumer privacy laws that multistate employers have to navigate beginning January 1, 2027. Governor Kevin Stitt signed the Oklahoma Consumer Data Privacy...more
4/3/2026
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Incident Response Plans ,
Multistate Employers ,
New Legislation ,
Notice Requirements ,
Personal Data ,
Popular ,
State Privacy Laws
Merriam-Webster recently named “slop” as its 2025 Word of the Year, citing the explosion of low-quality, AI-created digital content that now clogs all of our inboxes and social feeds. While employers and business leaders...more
We are noticing that an increasing number of data subject requests received by our clients are being submitted by “authorized agents” specifically set up to send such requests. These agents can be individuals or business...more
As hurricanes devastate the Caribbean, employers in the US are preparing for a potential impact late in the season. This detailed set of Frequently Asked Questions, fully updated for 2025, addresses the workplace-related...more
10/31/2025
/ Business Closures ,
Corporate Counsel ,
Disaster Preparedness ,
Employee Assistance Programs ,
Employee Benefits ,
Employee Privacy Rights ,
Employer Liability Issues ,
Employment Policies ,
Foreign Workers ,
Hiring & Firing ,
Hurricane Season ,
Labor Relations ,
Layoffs ,
Leave of Absence ,
Natural Disasters ,
Severe Weather ,
Unemployment Benefits ,
Wage and Hour ,
Workers' Compensation Claim ,
Workplace Hazards ,
Workplace Injury ,
Workplace Safety
A recent privacy rights development could have major implications for any school or non-profit that has a website, as a Michigan federal court gave the greenlight for a video privacy protection lawsuit to proceed against...more
10/24/2025
/ Colleges ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Educational Institutions ,
Personally Identifiable Information ,
School Districts ,
Social Media ,
Third-Party Service Provider ,
Tracking Systems ,
Universities ,
Video Privacy Protection Act ,
Websites ,
Wiretapping
The New York Department of Financial Services (NYDFS) just sent a stark reminder to covered entities (which includes financial institutions, insurance companies, and any other businesses regulated by the NYDFS) that they are...more
10/24/2025
/ Best Practices ,
Contract Termination ,
Contract Terms ,
Covered Entities ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Due Diligence ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management ,
Third-Party Risk ,
Third-Party Service Provider
The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and...more
10/1/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
Employee Privacy Rights ,
Employer Liability Issues ,
Enforcement Actions ,
Hiring & Firing ,
Job Applicants ,
Notice Requirements ,
Opt-Outs ,
Popular ,
Privacy Policy
The FTC just announced a $7.5 million settlement with an educational technology company over its unlawful cancellation practices, sending a warning to all businesses that offer subscription-based offerings. Even though a...more
Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher...more
9/10/2025
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Enforcement Actions ,
Fines ,
Identity Theft ,
Incident Response Plans ,
Notice Requirements ,
Pending Legislation ,
Personal Information ,
Personally Identifiable Information ,
Privacy Policy
Congress is asking the financial industry – and anyone else with a stake in consumer data – to weigh in on the future of the Gramm-Leach-Bliley Act (GLBA). On July 31, the US House Financial Services Committee leaders issued...more
8/18/2025
/ Comment Period ,
Consumer Information ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Security ,
Financial Institutions ,
Financial Services Committee ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment
A federal appeals court just vacated the FTC’s controversial Click-to-Cancel rule on procedural grounds – but businesses shouldn’t drop their guard just yet. Many states already have their own automatic renewal laws on the...more
Federal officials just postponed enforcement of the Click-to-Cancel rule, which requires businesses offering subscriptions or memberships to provide a cancellation process as straightforward as the sign-up procedure. The...more
New cybersecurity requirements just kicked in for thousands of financial firms operating in New York, and companies need to make sure they have taken action to comply. As of May 1, the latest amendments to the New York...more
Two recent court decisions have provided businesses with long-awaited clarity on the reach of the California Invasion of Privacy Act (CIPA) – and could begin to redefine digital privacy litigation for the better. Two separate...more
2/11/2025
/ California ,
CIPA ,
Consumer Privacy Rights ,
Cookies ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Popular ,
State Privacy Laws ,
Web Tracking ,
Website Owner Liability ,
Websites ,
Wiretapping
Just one business day before new robotext and robocall rules requiring one-to-one consent and “logically and topically” related requirements were set to take effect, a federal appeals court vacated the requirements and...more
2/3/2025
/ Auto-Dialed Calls ,
Consent ,
FCC ,
New Rules ,
Prior Express Consent ,
Robocalling ,
Statutory Authority ,
TCPA ,
Text Messages ,
Vacated ,
Written Consent
Some businesses might be surprised to learn that digital wiretapping litigation claims are one of today’s fastest-growing compliance risks, with over 1,560 lawsuits filed in 28 states since a groundbreaking 2022 decision...more
1/15/2025
/ Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Mobile Apps ,
Personally Identifiable Information ,
Privacy Laws ,
Web Tracking ,
Website Owner Liability ,
Websites ,
Wiretapping
Many employers have turned to geolocation tools like GPS devices to monitor employees’ whereabouts and movements – especially those working remotely or in field-based roles. While these tools provide an effective way to boost...more
1/10/2025
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Documentation ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Tracking ,
Geolocation ,
Informed Consent ,
Legitimate Business Purpose ,
Privacy Laws ,
Proportionality ,
Transparency
Businesses that use robocalls or robotexts for marketing purposes will soon need to adjust to new rules that take effect in early 2025. The Federal Communications Commission made several changes to rules under the Telephone...more
11/22/2024
/ Auto-Dialed Calls ,
Consent ,
Corporate Counsel ,
Do Not Call List ,
FCC ,
New Rules ,
Prior Express Consent ,
Revocation ,
Robocalling ,
TCPA ,
Telemarketing ,
Text Messages ,
Written Consent
It’s no longer good enough for your business to have a reactive approach to consumer privacy – you need a proactive strategy to manage compliance, foster consumer trust, and stay competitive in this modern era. While many...more
11/13/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Deletion ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Data-Sharing ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
State Privacy Laws ,
Third-Party Risk ,
Vendor Contacts ,
Vendors
The government recently reminded employers and vendors that they have obligations when it comes to use of workplace-related AI tools – and your business may need to update its practices in order to comply. The Consumer...more
11/13/2024
/ Adverse Employment Action ,
Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Consumer Reports ,
Data Collection ,
Employee Monitoring ,
Employees ,
Fair Credit Reporting Act (FCRA) ,
Job Applicants ,
Vendors
The federal government just fundamentally changed how businesses need to handle recurring subscriptions by unveiling its new “Click-to-Cancel” rule and making it mandatory to simplify cancellation processes. Designed to...more
Colorado employers could soon need to comply with the disclosure and consent requirements of the state’s privacy act when they collect biometric identifiers from employees or applicants – which would make Colorado the first...more
10/4/2024
/ Biometric Information ,
Colorado ,
Consent ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Employees ,
Hiring & Firing ,
Job Applicants ,
Privacy Policy ,
Proposed Regulation ,
State Privacy Laws
Businesses with a website beware: California regulators just warned that the law prohibits your website from making website users jump through hoops or otherwise confusing them as they try to exercise their privacy rights,...more
9/10/2024
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Consumer Confusion ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Data Use Policies ,
Personally Identifiable Information ,
Privacy Policy ,
Website Owner Liability ,
Websites
A Japanese supermarket chain is getting attention for implementing an AI tool called “Mr. Smile” that monitors workers for the quality and quantity of their smiles when interacting with customers, raising questions around the...more