No Password Required: CISO at RSA and Champion of a Passwordless Future
From Diligence to Post-Closing: What’s Shifting in 2026 Health Care Transactions
Point-of-Sale Finance Series: Health Care Financing Compliance, Regulatory, and Privacy Pitfalls — Payments Pros – The Payments Law Podcast
Point-of-Sale Finance Series: Health Care Financing Compliance, Regulatory, and Privacy Pitfalls — The Consumer Finance Podcast
From Showroom to Server Room: AI in Auto Finance — Moving the Metal: The Auto Finance Podcast
Navigating Employee Data Responsibly: What’s the Tea in L&E?
AI, Algorithms, and Accountability: Unpacking the Colorado AI Act with Senator Rodriguez — Regulatory Oversight Podcast
Navigate the Money Matrix in Our Upcoming Series: Privacy, Security, and AI Explained — The Consumer Finance Podcast
No Password Required: Virtual CISO at Trace3 and Roller Derby Penalty Box Visitor
Block & Order | Building on Layer 1 with Jennie Levin: Algorand, Policy Shifts & Tokenization’s Future
The Privacy Insider Podcast Episode 21: What Businesses Get Wrong About Regulators and How to Fix Privacy Fast
12 Days of Regulatory Insights: Day 11 – FTC Enforcement Trends in a New Age — Regulatory Oversight Podcast
Listen: Digital Doppelgangers: Navigating AI and Likeness Rights
12 Days of Regulatory Insights: Day 8 – How State AGs Are Rewriting Social Media Rules — Regulatory Oversight Podcast
We get AI for work™: Is your Tool really AI?
Navigating FDA's 2025 AI Guidance: Risk-Based Framework, Public Comments, and Generative Models - The Good Bot Podcast
The Privacy Insider Podcast Episode 20: Privacy, Power, and the Algorithmic Workplace with Matthew Scherer of the Center for Democracy & Technology
The Down-Low on Data for Value-Based Enterprises and Their Participating Providers – Diagnosing Health Care Video Podcast
12 Days of Regulatory Insights: Day 5 – Privacy Under the Microscope — Regulatory Oversight Podcast
AI Boom and What the Future Holds - Data Centers Series
Despite having been enacted decades ago – during the heyday of the neighborhood brick-and-mortar video store – the federal Video Privacy Protection Act (VPPA) remained as relevant as ever in 2025. Companies continued to face...more
We know that California has a lot of privacy laws, but the Shine the Light law is one of the oldest in the state, and it still catches businesses off guard because it is not about cookies or ad tech. It’s about who you share...more
Providing parents with access to their child’s healthcare information is not a new legal requirement, but given recent guidance and statements from federal regulators, it is an area of renewed enforcement focus. Now is a good...more
Many people see the start of a new year as a time to refresh and renew themselves. For covered entities under HIPAA, which include group health plans, it’s also time to refresh and renew your HIPAA Notice of Privacy Practices...more
Higher education saw rapid change in 2025, with institutions managing shifting regulations and guidance, financial pressures and evolving campus climate issues. This includes changes to Title IX, collegiate athletics,...more
Question: I’ve read about “Steal Now, Decrypt Later” attacks. What should we be doing now to respond when “secure data” is compromised? Answer: Traditional encryption methods have long functioned as a key protective data...more
New Jersey recently made important changes to N.J.S.A. 9:2-4, the statute that governs child custody and parenting time. While the law continues to focus on the “best interests of the child,” the amendments clarify how...more
As we have discussed in previous blogs, there have been a number of recent changes to the HIPAA privacy rule requiring action from plan sponsors. As you will likely recall, in December of 2024, all health plans covered by...more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
New York’s groundbreaking Algorithmic Pricing Disclosure Act (the Act) took effect on Nov. 10, 2025. The Act requires businesses operating in New York to disclose the use of algorithmic pricing models and introduces...more
Laws/Regulations directly regulating AI (the "AI Regulations") - On October 10, 2025, Italy adopted Law no. 132/2025 (the "National AI Law"). Italy is therefore the first EU Member State to adopt a comprehensive national...more
This annual observance highlights the growing importance of protecting personal data in an increasingly AI-driven and interconnected world. From evolving U.S. state privacy laws to the EU AI Act and sector-specific...more
As we look ahead to 2026, Wilson Sonsini remains at the forefront of emerging legal and regulatory trends. In anticipation of the new year, our attorneys have prepared a series of focused 2026 Year in Preview alerts. These...more
The state privacy law landscape in 2025 remained highly dynamic, even though no new states enacted omnibus privacy laws for the first time in years. Sweeping amendments and regulatory developments raised the compliance bar,...more
Entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), such as group health plans, that receive or maintain substance use disorder (SUD) treatment records from programs subject to federal...more
AI is no longer an emerging risk; it is now a central driver of offensive and defensive cyber capabilities. As organizations adopt AI tools to improve efficiency, adversaries are leveraging the same technology to automate...more
The California Department of Financial Protection and Innovation (“DFPI”) has issued a Second Invitation for Comments on a proposed rulemaking that would expand registration and reporting requirements under the California...more
Plaintiffs (Jane Roe and John Doe) sued defendants, a daughter and mother, pseudonymously as “Jenna Smith” and “Mother Smith.” Jenna and Mother Smith told other students that John had sexually assaulted Jenna and Jane...more
Two different updates to notices of privacy practices (NPPs) are due on February 16, 2026. First, HIPAA covered entities that create or receive substance use disorder (SUD) records that are subject to 42 CFR Part 2 (Part 2)...more
The FTC settled with General Motors LLC, General Motors Holdings LLC, and OnStar LLC (collectively, “GM”) to resolve allegations that the companies collected, used, and sold consumers’ precise geolocation and driving data...more
Arizona AG Kris Mayes is investigating reports that xAI’s artificial intelligence chatbot Grok, which has been integrated into social media platform X, has been used to generate and distribute child sexual abuse material...more
Maine Governor Janet Mills recently allowed LD 61 – An Act to Regulate Employer Surveillance to Protect Workers – to become law without her signature. This law, which takes effect this summer, applies to all Maine employers,...more
The Bottom Line - Privacy compliance obligations continue to grow and expand, so businesses should revisit their privacy compliance programs regularly....more
Introduction and Summary - HHS issued a final rule modernizing 42 CFR Part 2 to implement the CARES Act and more closely align with HIPAA's Privacy, Breach Notification, and Enforcement frameworks. The rule permits a single,...more
Even if you read them at the time, you’ll want to read them again. In 2025, organizations faced significant developments in the areas of immigration, workplace policies, federal enforcement, and data privacy. ...more
