Moving Beyond Checkbox Diligence with SOC Reports
AI State Regulatory Frontiers: Inside the New Wave of State AI Laws — Regulatory Oversight Podcast
AI State Regulatory Frontiers: Inside the New Wave of State AI Laws
Charting a Course for Collections: Diagnosing Compliance and Privacy Risks in Medical Debt — The Consumer Finance Podcast
AI State Regulatory Frontiers: How Existing Laws Regulate AI — Regulatory Oversight Podcast
Episode 406 -- AI Risks and Compliance: Building a Governance Framework
DOJ’s Bulk Sensitive Data Transfer Rule: Key Insights for Health Care Compliance Teams – Diagnosing Health Care
Decrypted Podcast | Decoding NIS2: Europe's New Cybersecurity Playbook
PODCAST – 2026 To Do: HIPAA Compliance
2026 To Do: HIPAA Compliance
Employer AI Headaches: Job Postings, Client Privilege, and Microchip Bans - Employment Law This Week®
No Password Required: Project Manager at Rapid7 and Queen of Cyber Media
Episode 402: Paul Allen: The Promise of AI, Governance and Public Trust
AI Exacerbates Data Minimization Challenges
Podcast - Registro de infieles: ¿Violación de datos personales?
Decrypted Podcast | The First 72 Hours of a Ransomware Attack
No Password Required: AI Security Researcher and Documentarian of Spirituality and Play
NYC Enforcement Blitz, CA Surveillance Pricing, and PA Criminal History Rule Update - #WorkforceWednesday® - Employment Law This Week®
The Privacy Insider Podcast Episode 23: How CalPrivacy Balances Enforcement, Transparency, and Innovation with Tom Kemp of the California Privacy Protection Agency
2026 Trends to Watch: Regulation, Infrastructure and IP in Motion
Colorado’s governor has signed an amendment (S.B. 26-189) to Colorado’s artificial intelligence law, substantially reducing the compliance burden on employers. The Colorado General Assembly passed the bill one day before the...more
The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses....more
Organizations should prioritize compliance efforts in light of mounting regulatory scrutiny and potential fines....more
On May 4, 2026, the Federal Trade Commission (“FTC”) announced a proposed settlement resolving its long-running litigation against Idaho-based data broker Kochava Inc. (“Kochava”) and its subsidiary, Collective Data...more
On May 8, 2026, California Attorney General Rob Bonta, together with several county district attorneys (DAs) and the California Privacy Protection Agency (CalPrivacy), announced a $12.75 million settlement with General Motors...more
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (“BIPA”) has been recognized as a pioneering law in biometric privacy, imposing strict requirements on private entities that collect or use biometric...more
The Federal Trade Commission (FTC) is poised to begin enforcement of the TAKE IT DOWN Act (the “Act”), the first comprehensive federal enforcement scheme to address nonconsensual intimate imagery ("NCII") appearing on online...more
On April 15, 2026, European Commission President Ursula von der Leyen and Executive Vice-President Henna Virkkunen issued a statement (the Statement) announcing that the European Commission has developed a digital age...more
Malaysia’s Personal Data Protection Commissioner (“PDPC”) has recently issued three new guidelines clarifying key concepts under the Personal Data Protection Act 2010 (“PDPA”), covering: • Data Protection Impact...more
AI does not change the fundamental dynamics of managing liability and discoverability. The duties of confidentiality, the rules of attorney-client privilege, and the work product doctrine all operate on the principles they...more
Try to recall your privacy practice 20 years ago, in May 2006. The California breach notification statute, the first one in the country, had become effective on January 1, 2003. The California Online Privacy Protection Act...more
A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc.,...more
On May 11, 2026, the Connecticut General Assembly passed Senate Bill 5, and Governor Lamont is expected to sign it into law. The law is a comprehensive online safety law with significant requirements relating to Automated...more
One of the most consequential structural decisions facing organizations today is whether to continue operating privacy and security as separate functions or to begin integrating them in anticipation of the AI-driven...more
Education institutions using the Canvas learning management system (LMS), operated by Instructure, may be impacted by a recently disclosed cybersecurity incident involving unauthorized access to customer-associated data. The...more
The European Union announced that agreement had been reached on material amendments expected to be introduced into the EU AI Act as part of the Digital Omnibus legislative amendment intended to simplify data-related...more
California AG Rob Bonta, with several California district attorneys and investigative support from the California Privacy Protection Agency, reached a $12.75 million settlement with General Motors and OnStar resolving...more
The legal architecture for AI governance is no longer about policy adoption but about whether an organization can produce evidence that traces from board-level authorization to production inference, drift event, prompt or...more
For most of its HIPAA enforcement history, the HHS Office for Civil Rights (OCR) has engaged in a remarkably similar pattern with (allegedly) noncompliant healthcare organizations:...more
On May 9, 2026, the Colorado General Assembly passed Senate Bill 26-189 (the "Bill"), which repeals and reenacts the previously passes SB 24-25 (Colorado's “AI Act") with comprehensive new requirements governing the use of...more
Oklahoma AG Gentner Drummond sued Temu and related entities for allegedly violating the Oklahoma Consumer Protection Act through undisclosed data collection and deceptive retail practices....more
Maryland Governor Wes Moore recently signed HB 895, the Maryland Protection From Predatory Pricing Act, into law, making Maryland the first state in the nation to restrict personalized, data-driven pricing in the grocery...more
A group of our Hinshaw colleagues had a front-row seat as the Diamond Sponsor firm at last week’s Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference in Miami from May 4–7, 2026. Several of our team...more
On Thursday, May 28, in the next installment of Rivkin Radler’s Health Law Executive Briefings, Ashley Algazi and Tim Gonzalez will present “Examining AI in Health Care, a Review of Key Strategic, Legal, and Regulatory...more
The provisions of the Data (Use and Access) Act 2025 (DUAA) have come into force gradually, via a phased introduction, in the months since the Act received Royal Assent on 19 June 2025. This briefing summarises key changes...more