Enforcement of the Indiana Consumer Data Protection Act (CDPA) has begun, and its penalties can add up quickly. The CDPA was signed in 2023 and became effective January 1, 2026. The law governs how covered businesses collect,...more
2/10/2026
/ Compliance ,
Consumer Data Requests ,
Consumer Privacy Rights ,
Contract Terms ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement Actions ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
Does your company operate a website and do business in California? If so, you may soon receive (if you have not already) a letter from a law firm on behalf of a California resident aggrieved by your alleged violation of the...more
12/12/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Penalties ,
Privacy Laws ,
Privacy Policy ,
Risk Mitigation ,
State Privacy Laws ,
Third-Party ,
Web Tracking ,
Websites ,
Wiretapping
As companies evaluate potential mergers and acquisitions, joint ventures, or sale transactions, artificial intelligence (AI) must now be part of the discussion. AI can significantly impact a company’s valuation and risk...more
12/4/2025
/ Acquisitions ,
AI Act ,
Artificial Intelligence ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Intellectual Property Protection ,
Mergers ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Strict Product Liability ,
Trade Secrets
In a continuing effort to give consumers control of their personal data, California’s governor recently signed into law the California Opt Me Out Act (the Act). The Act will require businesses that develop or maintain...more
10/16/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
New Legislation ,
Opt-Outs ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Web Browsers
If your company’s marketing plan includes cross-context behavioral advertising (i.e., targeting ads to consumers based on their Internet browsing habits, also known as ad tracking), this alert may be for you.
The attorneys...more
9/19/2025
/ Advertising ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data-Sharing ,
Enforcement Actions ,
Investigations ,
Opt-Outs ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
1/22/2025
/ Breach Notification Rule ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
PHI ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Training
On January 6, 2025 the U.S. Department of Health and Human Services published a Proposed Rule (90 FR 898) to strengthen the HIPAA Security Rule and afford greater cybersecurity protections for electronic protected health...more
1/7/2025
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Information Technology ,
OCR ,
Risk Management ,
Subcontractors
As federal agencies and states grapple with regulating artificial intelligence (AI) to enhance its safety profile, and as businesses race to adopt AI for myriad purposes, it is important to recognize a general safety...more
On April 22, 2024, the Department of Health and Human Services (HHS) announced a Final Rule titled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability...more
In March 2024, the Department of Health and Human Services—through the Office of the National Coordinator for Health IT (ONC)—released a draft 2024-2030 Federal Health IT Strategic Plan for public comment. A collaborative...more
New Jersey has now joined the growing number of states that have enacted comprehensive online privacy protections for certain consumers and that have imposed requirements on companies collecting and processing consumer data...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
12/5/2023
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Genetic Testing ,
Geolocation ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Risk Assessment ,
Sensitive Personal Information
After considerable anticipation and speculation, President Biden recently issued an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.
While the EO focuses primarily on...more
11/20/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Bias ,
Civil Rights Act ,
Consumer Privacy Rights ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Joe Biden ,
Popular ,
Security Standards ,
Surveillance