No Password Required: CISO at RSA and Champion of a Passwordless Future
From Diligence to Post-Closing: What’s Shifting in 2026 Health Care Transactions
Point-of-Sale Finance Series: Health Care Financing Compliance, Regulatory, and Privacy Pitfalls — Payments Pros – The Payments Law Podcast
Point-of-Sale Finance Series: Health Care Financing Compliance, Regulatory, and Privacy Pitfalls — The Consumer Finance Podcast
From Showroom to Server Room: AI in Auto Finance — Moving the Metal: The Auto Finance Podcast
Navigating Employee Data Responsibly: What’s the Tea in L&E?
AI, Algorithms, and Accountability: Unpacking the Colorado AI Act with Senator Rodriguez — Regulatory Oversight Podcast
Navigate the Money Matrix in Our Upcoming Series: Privacy, Security, and AI Explained — The Consumer Finance Podcast
No Password Required: Virtual CISO at Trace3 and Roller Derby Penalty Box Visitor
Block & Order | Building on Layer 1 with Jennie Levin: Algorand, Policy Shifts & Tokenization’s Future
The Privacy Insider Podcast Episode 21: What Businesses Get Wrong About Regulators and How to Fix Privacy Fast
12 Days of Regulatory Insights: Day 11 – FTC Enforcement Trends in a New Age — Regulatory Oversight Podcast
Listen: Digital Doppelgangers: Navigating AI and Likeness Rights
12 Days of Regulatory Insights: Day 8 – How State AGs Are Rewriting Social Media Rules — Regulatory Oversight Podcast
We get AI for work™: Is your Tool really AI?
Navigating FDA's 2025 AI Guidance: Risk-Based Framework, Public Comments, and Generative Models - The Good Bot Podcast
The Privacy Insider Podcast Episode 20: Privacy, Power, and the Algorithmic Workplace with Matthew Scherer of the Center for Democracy & Technology
The Down-Low on Data for Value-Based Enterprises and Their Participating Providers – Diagnosing Health Care Video Podcast
12 Days of Regulatory Insights: Day 5 – Privacy Under the Microscope — Regulatory Oversight Podcast
AI Boom and What the Future Holds - Data Centers Series
The California Privacy Protection Agency has issued two new enforcement decisions that underscore its expanding focus on data broker accountability under the Delete Act. In actions announced on January 8, 2026, CalPrivacy...more
Artificial intelligence was the dominant technology story of 2025, and will remain so in 2026. For better or worse – or, more likely, for both better and worse at the same time – AI is now seeping into every corner of...more
On November 10, 2025, New York’s Algorithmic Pricing Disclosure Act, N.Y. Gen. Bus. Law § 349-a, took effect. The act survived a First Amendment challenge, becoming the first enacted statute of its kind....more
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
Every day, we see the increasing role of technology in our healthcare world. It wasn’t all that long ago that we began the transition to electronic medical records, and portable devices mostly meant BlackBerries....more
In Florida’s 2026 legislative session, both chambers will consider bills that would impose strict requirements for caller identification on businesses. The bills target both telecommunications companies and the callers....more
As organizations across the country adapt to an ever-changing digital environment, 2025 brought a wave of important updates in data privacy and cybersecurity at both the federal and state levels. New and amended state laws,...more
The EU Cyber Resilience Act (“CRA”) establishes mandatory cybersecurity requirements for most hardware and software products made available on the EU market. While the CRA's date of full application (11 December 2027) is...more
Scrutiny of European Union's dependence on non-European cloud services is intensifying amid geopolitical tensions and rising cyber risk. U.S. hyperscalers control more than 70% of the EU cloud market, while European...more
What Businesses Need to Know - Contrary to the expectations of many in the privacy field, no new state-level data privacy laws were passed in 2025. As we enter 2026, however, several laws that were passed in 2024, along...more
While often described as a hybrid of Software‑as‑a‑Service (SaaS) and Business Process Outsourcing (BPO), Business-Process-as-a-Service (BPaaS) is far more than the sum of its parts. It represents a strategic shift toward...more
New York state has joined New York City and the other jurisdictions that limit an employer’s ability to use an applicant’s or employee’s credit information in making employment decisions. Beginning April 18, 2026, New York...more
Businesses across many industries are racing to capture the value of artificial intelligence (AI) notetakers and meeting recording tools. The promise is obvious: faster follow‑ups, searchable records, and fewer dropped...more
Deepfakes have moved from novelty to material enterprise risk, reshaping how organizations assess privacy, security, brand integrity and marketing. This technology can erode evidentiary trust, enable impersonation and fraud...more
In February 2024, HHS finalized significant revisions to 42 CFR Part 2, the federal regulation governing the confidentiality of SUD treatment records. Part 2 has historically imposed stricter privacy protections than HIPAA,...more
The UK's online safety regulatory framework reached a significant milestone in 2025 with the first wave of risk assessments submitted under the Online Safety Act (OSA). Ofcom has now published its Year 1 Online Safety Risk...more
As noted in last week’s post, privacy risk assessments are now required in several states. Of the 19 U.S. states with comprehensive consumer data privacy laws, all but two mandate that businesses conduct privacy risk...more
The NSW Government has announced legislative reforms that will enhance the surveillance powers of investigative agencies including NSW’s Independent Commission Against Corruption (ICAC)....more
On January 14, 2026, the Federal Trade Commission finalized a sweeping order against General Motors LLC, General Motors Holdings LLC, and OnStar LLC. The order resolves allegations that the companies collected, retained, and...more
Data Privacy Day is recognized globally each year on January 28 as an international effort to raise awareness regarding the importance of secure privacy practices and data protection. The date commemorates the signing of...more
Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and...more
eDiscovery has become increasingly complex and costly. What once involved a few servers and email archives has become a vast network of cloud systems, collaboration tools, and AI-driven applications. As the volume and variety...more
Internal investigations are an important component of an effective legal and compliance program within health care organizations. These investigations may arise from many varied situations ranging from patient complaints,...more
If you work at or with an investment adviser, the SEC’s 2026 examination priorities are critical because they shape what examiners will scrutinize when assessing whether firms are acting in clients’ best interests, keeping...more
State attorneys general (AGs) are among the most active and influential regulators in the U.S., using broad statutory authority, political visibility, and growing technical knowledge to shape policy and enforcement across...more
