Companies that map data breach trend lines against industry-specific obligations can convert raw statistics into risk governance strategies. This exercise can be especially valuable amid fast-shifting attack techniques,...more
12/5/2025
/ Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Healthcare ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On November 20, 2025, the U.S. Securities and Exchange Commission (SEC) filed a joint stipulation with SolarWinds Corp. and its chief information security officer (CISO), Timothy Brown, to dismiss with prejudice the...more
12/3/2025
/ Chief Information Security Officer (CISO) ,
Corporate Counsel ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Dismissal With Prejudice ,
Enforcement Actions ,
Internal Controls ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
SolarWinds
Over the past five years, businesses have been faced with an increasingly burdensome regulatory environment in the U.S. and European Union when it comes to data privacy and artificial intelligence laws....more
On September 30, the U.S. Department of Justice (DOJ) announced an $875,000 settlement with a university over failures to comply with the data security obligations in certain contracts with the Air Force and the Defense...more
11/5/2025
/ Compliance ,
Corporate Counsel ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Qui Tam ,
Settlement ,
Subcontractors ,
US Air Force ,
Whistleblowers
On October 14, 2025, the Fourth Circuit issued its opinion in Holmes v. Elephant Insurance Company, clarifying that plaintiffs in data breach class actions must demonstrate that their compromised personal information was...more
10/27/2025
/ Appellate Courts ,
Article III ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Injury-in-Fact ,
Litigation Strategies ,
Public Disclosure ,
Risk Management ,
Standing
In August 2025, the Department of Justice (DOJ) launched a cross-agency Trade Fraud Task Force to facilitate implementation of the White House's proposed changes in its January 2025 "America First Trade Policy." ...more
On September 23, 2025, the California Privacy Protection Agency finalized major regulations under the California Consumer Privacy Act (CCPA), introducing new requirements for cybersecurity audits, risk assessments, automated...more
On September 26, 2025, the California Privacy Protection Agency (CPPA) issued a decision requiring Tractor Supply Company to restructure its privacy practices and pay a $1.35 million fine to resolve alleged violations of the...more
10/10/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Contract Terms ,
Corporate Fines ,
Data Privacy ,
Enforcement Actions ,
Job Applicants ,
Penalties ,
Retailers ,
Settlement ,
State Privacy Laws ,
Statutory Violations
The California Privacy Protection Agency and the attorneys general of California, Colorado, and Connecticut announced joint investigations this month into companies that may be ignoring Global Privacy Control (GPC), a type of...more
9/30/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Enforcement Actions ,
Multistate Investigations ,
New Legislation ,
Opt-Outs ,
State Attorneys General ,
State Privacy Laws ,
Web Browsers ,
Websites
The U.S. Department of Defense (DOD) issued a final rule this month that fundamentally changes eligibility for DOD procurement by tying contract awards directly to cybersecurity readiness....more
9/23/2025
/ Contract Terms ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Final Rules ,
NIST ,
Prime Contractor ,
Subcontractors ,
Supply Chain
When the European Central Bank declared the Spanish bank, Banco Popular Español, as "failing or likely to fail" in 2017, the Single Resolution Board (SRB) stepped in to resolve the issue by announcing the transfer of all...more
9/16/2025
/ Data Controller ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Debt Restructuring ,
EDPS ,
EU ,
European Central Bank ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Authority ,
Spain ,
Third-Party Service Provider ,
Transparency ,
Winding Down
Though recently stalled, California legislators have been taking steps over the past few months to address the surge of "pixel-tracking" lawsuits impacting businesses. ...more
On May 21, 2025, the Federal Trade Commission (FTC) finalized a consent order with GoDaddy to settle allegations that the web hosting company misled customers and failed to implement basic data security protections. Although...more
8/15/2025
/ Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
GoDaddy.com ,
Marriott ,
Misleading Statements ,
Regulatory Requirements ,
Unfair or Deceptive Trade Practices
Earlier this spring, the U.S. Department of Justice’s National Security Division (NSD) launched the data security program (DSP). The program is designed to address national security risks posed by foreign adversaries' access...more
8/11/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Centers ,
Data Security ,
Department of Justice (DOJ) ,
Export Controls ,
Foreign Adversaries ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Penalties ,
Personal Data ,
Prohibited Transactions ,
Reporting Requirements ,
Restricted Transactions
This week the Department of Justice (DOJ) announced its new approach to corporate criminal enforcement, "Focus, Fairness, and Efficiency in the Fight Against White Collar Crime."...more
5/19/2025
/ Compliance Monitoring ,
Corporate Governance ,
Declination ,
Department of Justice (DOJ) ,
Enforcement Priorities ,
Financial Crimes ,
Fraud ,
National Security ,
Popular ,
Voluntary Disclosure ,
Whistleblower Protection Policies ,
Whistleblowers ,
White Collar Crimes
On March 3, 2025, the U.S. District Court for the Northern District of California issued a significant ruling that has the potential to broaden the risk of liability under the California Consumer Privacy Act (CCPA). ...more
4/30/2025
/ California Consumer Privacy Act (CCPA) ,
Capital One ,
Class Action ,
Cookies ,
Corporate Liability ,
Data Privacy ,
Disclosure Requirements ,
Litigation Strategies ,
Personal Information ,
Popular ,
Privacy Laws ,
Third-Party ,
Web Tracking
A major vehicle automaker will have to change its business practices and pay a hefty fine to resolve claims that the company violated the California Consumer Privacy Act (CCPA), according to the state regulatory authority...more
3/26/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Cookies ,
Corporate Fines ,
Data Privacy ,
Enforcement Actions ,
Honda ,
Opt-In ,
Opt-Outs
Comprehensive state privacy laws often task a state regulator to promulgate accompanying regulations that clarify the law’s requirements and to enforce the law by providing further guidance through its enforcement actions....more
Welcome back to the last installment of our three-part series for Data Privacy Week. We previously discussed the foundations of data privacy law and the current state of privacy landscape for companies, and we will now turn...more
Welcome back to the second installment of our three-part series for Data Privacy Week 2025. We previously discussed the foundations of data privacy laws, and now we will focus on the current landscape of U.S. state privacy...more
1/29/2025
/ Artificial Intelligence ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Machine Learning ,
Personal Information ,
Regulatory Requirements ,
Rulemaking Process ,
State Privacy Laws
Each year, Data Privacy Week offers an opportunity for companies and professionals to revisit the fundamentals of data privacy. This year, we are celebrating Data Privacy Week, which runs through January 31, by releasing a...more
Companies continue to face a patchwork of state data privacy laws, federal agencies targeted companies' collection of sensitive consumer information, and a handful of states passed artificial intelligence-related regulation...more
1/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Popular ,
Privacy Laws ,
State Privacy Laws
It is challenging for businesses to maintain their competitive marketing edge while simultaneously reacting to ever-changing regulations on consumer data collection, usage, and sharing....more
Artificial intelligence transcription tools are changing how internal and external meetings are recorded and notes are shared. These tools generate real-time transcripts of meetings, letting participants focus on the...more
The U.S. Department of Justice (DOJ) recently updated its Evaluation of Corporate Compliance Programs (ECCP), which prosecutors consider when investigating, charging, and negotiating plea or other agreements with...more
11/8/2024
/ Analytics ,
Artificial Intelligence ,
Chief Compliance Officers ,
Compliance ,
Department of Justice (DOJ) ,
New Guidance ,
Risk Assessment ,
Risk Management ,
Whistleblower Awards ,
Whistleblower Protection Policies ,
Whistleblowers