Navigating Employee Data Responsibly: What’s the Tea in L&E?
AI, Algorithms, and Accountability: Unpacking the Colorado AI Act with Senator Rodriguez — Regulatory Oversight Podcast
Navigate the Money Matrix in Our Upcoming Series: Privacy, Security, and AI Explained — The Consumer Finance Podcast
No Password Required: Virtual CISO at Trace3 and Roller Derby Penalty Box Visitor
Block & Order | Building on Layer 1 with Jennie Levin: Algorand, Policy Shifts & Tokenization’s Future
The Privacy Insider Podcast Episode 21: What Businesses Get Wrong About Regulators and How to Fix Privacy Fast
12 Days of Regulatory Insights: Day 11 – FTC Enforcement Trends in a New Age — Regulatory Oversight Podcast
Listen: Digital Doppelgangers: Navigating AI and Likeness Rights
12 Days of Regulatory Insights: Day 8 – How State AGs Are Rewriting Social Media Rules — Regulatory Oversight Podcast
We get AI for work™: Is your Tool really AI?
Navigating FDA's 2025 AI Guidance: Risk-Based Framework, Public Comments, and Generative Models - The Good Bot Podcast
The Privacy Insider Podcast Episode 20: Privacy, Power, and the Algorithmic Workplace with Matthew Scherer of the Center for Democracy & Technology
The Down-Low on Data for Value-Based Enterprises and Their Participating Providers – Diagnosing Health Care Video Podcast
12 Days of Regulatory Insights: Day 5 – Privacy Under the Microscope — Regulatory Oversight Podcast
AI Boom and What the Future Holds - Data Centers Series
12 Days of Regulatory Insights: Day 4 – Open Records Realities — Regulatory Oversight Podcast
We get Privacy for work — Episode 12: Managing Competing Priorities: Data Breach Notification Laws and Trade Secrets
No Password Required: Founder of ThreatLocker and the Zero-Trust Revolution
Strategies for Mitigating Data Center Development Delays - Data Centers Series
The Impact of the 2024 CrowdStrike Incident on Cyber Insurance
On October 19, the Louvre Museum in Paris was burglarized in broad daylight. Priceless jewels were taken. The physical security of the museum has been faulted, but the museum has also been criticized for using outdated...more
Following our Nov. 30, 2022 post regarding the proposed regulatory updates to the rules governing privacy of substance use disorder treatment records and our Mar. 12, 2024 post covering the Final Rule, we are posting again to...more
A federal judge in the Western District of Texas granted preliminary injunctions (here and here) blocking enforcement of the state’s App Store Accountability Act (the “Act”), preventing the law from taking effect on January...more
Although originally adopted on February 16, 2024, the Federal Communications Commission again has decided to delay the effective date of its opt-out regulation until January 31, 2027. We discuss the reasoning for the most...more
The Health Insurance Portability and Accountability Act (HIPAA) regulations require updates to the Notice of Privacy Practices that health plan sponsors furnish to plan participants and health care providers furnish to...more
In recent years, defendants in data breach class action lawsuits filed in the state courts in North Carolina have succeeded in designating these disputes to the North Carolina Business Court. The Business Court has accepted...more
With the February 16, 2026, compliance deadline rapidly approaching, health care providers that provide substance use disorder (SUD) treatment reimbursed by federal health care programs, including Medicaid, must ensure their...more
Section 164k of the State School Aid Act (MCL 388.1764k) was signed into law on Oct. 7, 2025, and requires schools to comply with certain legal requirements or face a 5% state aid penalty. ...more
The California Privacy Protection Agency (known as CalPrivacy) recently published its latest enforcement strikes against two data brokers for failing to register. ...more
Shadow AI governance has become a critical challenge as organizations accelerate generative AI adoption faster than enterprise controls can keep up. Over the past two years, organizations have raced through every stage of the...more
Artificial Intelligence (AI) is continuing to transform workplaces at a rapid pace; however, alongside the often-sanctioned deployment of tools like Microsoft Copilot or Google Gemini, a quieter trend has emerged: Shadow AI....more
Throughout 2025, state attorneys general (AGs) took center stage in a range of investigations, enforcement actions, and litigation. As federal enforcement action slows in some areas, and other branches of government struggle...more
Key point: Kentucky attorney general files a lawsuit against an artificial intelligence chatbot company, eight days after the Kentucky Consumer Data Protection Act went into effect. On January 8, the Kentucky attorney...more
n December, DWT's Washington, D.C., office hosted a luncheon in connection with the Financial Technology Association featuring guest speaker Chris Mufarrige, the current FTC Director of the Bureau of Consumer Protection. DWT...more
The Federal Trade Commission (FTC) announced a proposed consent order with Illusory Systems Inc. (Illusory), a Utah-based blockchain infrastructure company that operates the Nomad Token Bridge. The settlement resolves the...more
In the past couple of years, we have seen an explosion in the number of demand letters and lawsuits involving alleged violations of the California Invasion of Privacy Act (“CIPA”). Oftentimes, recipients of a CIPA demand feel...more
On January 6, 2026, the Consumer and Governmental Affairs Bureau (Bureau) of the Federal Communications Commission (FCC) issued a Second Extension Order, extending the agency’s initial limited waiver of a portion of its...more
Employers in Germany face a complex legal landscape when monitoring employees’ digital communication, including email, internet, and telephone use. Recent legal developments and longstanding constitutional protections create...more
The European Commission recently published a comprehensive legislative proposal, known as the Digital Omnibus, aimed at simplifying data regulation within the European Union by amending key legislation governing digital data....more
Although Indiana adopted the Consumer Data Protection Act (CDPA) in 2023, on January 1, 2026, the CDPA rubber officially hit the road. This data privacy law regulating how businesses must handle the personal information of...more
Health care providers and health plans (Covered Entities) required to maintain HIPAA Notice of Privacy Practices (NPPs) must update their NPPs by Feb. 16, 2026, to address the handling of substance use disorder (SUD) records....more
Effective April 18, 2026, New York State will prohibit employers from requesting or using consumer credit history for employment decisions, with only narrow exemptions. The law also prohibits background screening agencies...more
Key point: With a new governor taking office in New Jersey later this month, the fate of rules proposed last year to implement the New Jersey Data Privacy Act (NJDPA) will be decided by the incoming administration. On...more
The law has extraterritorial reach over digital platforms and internet service providers that operate in, or target users in, the UAE....more
As of Jan. 1st, the California Consumer Protection Act (“CCPA”) and accompanying regulations now require businesses to complete a risk assessment before engaging in certain “high-risk” personal information processing. ...more
