State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
No Password Required: CEO of HACKERverse.ai, Disruptor of Cybersecurity Sales and Most Other Things
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — The Good Bot Podcast
The FinReg Frontier: AI and Machine Learning in Consumer Finance — The Consumer Finance Podcast
#WorkforceWednesday®: Artificial Intelligence Regulations for Employers - Employment Law This Week®
Dialing In: The TCPA and Auto Finance — Moving the Metal: The Auto Finance Podcast
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
The Privacy Insider Podcast Episode 12: Compliance Is Good Business: Getting Beyond Fines with Tom Fox of Compliance Podcast Network
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Navigating 2025: Federal Legislative and Regulatory Updates on Stablecoins and Decentralized Finance — The Crypto Exchange Podcast
DOJ Addresses AI in Corporate Compliance Programs — The Good Bot Podcast
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — Hiring to Firing Podcast
FINCast Ep. 40 – 21st Century Financial Warfare: Technology, Economy, & National Security
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
AGG Talks: Women in Tech Law Podcast - Episode 6: Navigating the Legal Landscape of Venture Capital: Key Considerations for Startups
Approach to Responsible AI
Litigants in data breach class actions often fight over whether a data breach investigation report prepared in response to the breach is protected by the work-product doctrine. Common areas of dispute include whether the...more
Selected U.S. Privacy & Cyber Updates - DOJ Settles False Claims Act Case with MORSECORP over Cybersecurity Program - On March 26, 2025, the U.S. Department of Justice (DOJ) announced that it had reached an agreement with...more
Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as...more
On April 8, 2025, the Department of Justice’s new rule on Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons took effect. The rule, referred to by DOJ as the Data...more
A new study by Ivanti illustrates that one out of three workers secretly use artificial intelligence (AI) tools in the workplace. They do so for varying reasons, including “I like a secret advantage,” “My job might be...more
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making...more
Effective July 1, 2025, Tennessee enters the national privacy conversation with the Tennessee Information Protection Act (TIPA), becoming the latest state to enact a comprehensive consumer data privacy law. However, this...more
Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors...more
Negotiating a data processing agreement (DPA) is typically a necessary step when engaging vendors that handle personal data. However, these negotiations have become time consuming and complex, given the evolving privacy...more
On January 14, 2025, Sen. Brent Howard and Rep. John Pfeiffer introduced Senate Bill 626, which amends and updates Oklahoma’s Security Breach Notification Act, 24 Okla. Stat. § 161 et seq. That Act currently requires that...more
In early 2024, the Colorado state legislature passed Senate Bill 24-205, Consumer Protections for Interactions with Artificial Intelligence Systems (CPIAIS), which was signed into law by Governor Jared Polis on May 17, 2024....more
Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the...more
On May 8, Montana Governor Greg Gianforte signed into law Senate Bill 297 (SB 297), a bill that significantly revises the existing Montana Consumer Data Privacy Act (MCDPA). Although the MCDPA took effect on October 1, 2024,...more
On April 28 2025, the Court of Justice of the European Union (CJEU) published an updated version of the fact sheet (the Fact Sheet) summarising key case law on protection of personal data. The Fact Sheet covers the case law...more
While Andrew Ferguson advocates for a restrained regulatory approach at the FTC, his statements and voting record reveal clear priority areas where businesses can expect continued vigorous enforcement. Two areas stand out in...more
On May 15, the CFPB withdrew three Biden-era rulemaking proposals, including a December 2024 proposal to regulate data brokers as consumer reporting agencies under the Fair Credit Reporting Act (FCRA), a January proposal to...more
In an earlier piece, we discussed the increase in recently-filed California Invasion of Privacy Act (“CIPA”) TikTok trap and trace device lawsuits. Generally, TikTok trap and trace actions allege that the use of TikTok...more
Texas AG Ken Paxton announced a settlement in principle with Google LLC to resolve allegations of data privacy and security violations. The settlement will resolve lawsuits filed by Texas against Google for allegedly...more
In a significant enforcement move, California’s consumer privacy regulator just ordered a national clothing retailer to pay a $345,178 fine to resolve alleged violations of the state’s privacy law. The California Privacy...more
A federal district court recently found that employees aren’t protected by Kentucky’s consumer protection law because they don’t qualify as consumers, handing a solid win to employers. The April 21 decision in Viviali v. One...more
With the passage of Senate Bill 142, the App Store Accountability Act (the “Act”), Utah became the first state to pass legislation requiring app store providers to verify users’ ages and block minors from downloading apps or...more
On May 13, 2025, the European Commission (EC) published draft guidelines on the protection of minors online. The guidelines outline the proposed measures that the EC expects online platforms accessible to minors to take to...more
The California Consumer Privacy Protection Agency (CPPA) Board issued a stipulated final order against Todd Snyder, Inc., a clothing retailer based in New York, requiring the company to pay a $345,178 fine and update its...more
By now, we all know what AI is. Some of us use ChatGPT as our search engine, confidant, secretary, travel agent, and much more. Others, at least, are acutely aware that AI exists, because everyone else is talking about it,...more
Below, we catalog certain current state laws regulating the development and use of AI systems and technologies passed between 2019 and 2025. This list focuses on legislative initiatives that have passed and are in effect or...more