No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Nebraska AG Mike Hilgers sued PDD Holdings Inc. and WhaleCo Inc., d/b/a Temu, alleging that Temu’s shopping app operates as malware designed to gain unauthorized access to users’ data in violation of state consumer protection...more
China’s primary data regulator, the Cyberspace Administration of China (CAC), released two sets of Q&As with respect to exporting data from China, one in April and one in May. The questions were selected from those raised...more
China rolled out its “new,” streamlined cross-border data transfer (CBDT) regime on March 22, 2024, with the issuance by the Cyberspace Administration of China (CAC) of the Provisions on Facilitating and Regulating...more
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
The PRC Personal Information Protection Law (PIPL) mandates regular data compliance audits. Following a consultation period beginning in August 3, 2023, the Cyberspace Administration of China (CAC) issued the Measures for...more
On February 14, 2025, the Cyberspace Administration of China ("CAC") finalized the "Personal Information Protection Compliance Audit Measures" ("Audit Measures"), which refines the draft version released on August 3, 2023...more
On January 3, 2025, the Cyberspace Administration of China (the “CAC”) released the Draft Measures for Personal Information Protection Certification for Cross-Border Data Transfers (the “Draft Measures”) for public comment....more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
The Guangzhou Internet Court (the “Court”) recently issued its first judgment involving the cross-border transfer of personal data under the Personal Information Protection Law (“PIPL”).1 An international hotel group was...more
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through...more
Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is...more
On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
A group of 14 Republican AGs wrote a letter to the CEO of Webull Financial LLC, inquiring into whether Webull—which is both a U.S. and Chinese company—may have exposed customers’ personal information to the Chinese Communist...more
On 22 March, 2024, the Cyberspace Administration of China (“CAC”) finalized its Provisions to Promote and Regulate Cross-Border Data Transfers (“Final Provisions”). The Final Provisions were long anticipated following a...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
On November 1, 2023, the National Information Security Standardization Technical Committee (全国信息安全标准化技术委员会) (“TC260”, a policy-making body under the Cyberspace Administration of China (“CAC”)) launched a public consultation...more
China is seeking to take a significant step to relax the compliance burden on multinational corporations (MNCs) regarding data export from China by allowing: (i) certain routine data exports for daily business operation or...more
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
United States: The Administration and Congress are taking initial steps to produce legislation to regulate AI and using interim measures, such as the White House’s recently announced voluntary agreement with seven prominent...more
On June 29, 2023, the Cyberspace Administration of China ("CAC") and the Innovation, Technology and Industry Bureau of the Hong Kong Special Administrative Region ("Hong Kong") Government ("HKITIB") signed the Memorandum of...more
The Cyberspace Administration of China (CAC) issued guidelines for organisations on filing the standard contract for the export of personal information (Guidelines) on 30 May 2023. Earlier this year, the CAC issued Standard...more
The compliance grace period for China’s cross-border data security assessment measures has expired — but many international companies with operations or employees in China are still not compliant. In light of the diminishing...more