Rethinking Records Retention
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
Top Healthcare Compliance Priorities for 2025
AI Legislation: The Statewide Spotlight - Regulatory Oversight Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
AI Legislation: The Statewide Spotlight — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
The Next FCRA Frontier: Identity Theft and CFPB Updates — FCRA Focus Podcast
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
With the use of artificial intelligence (“AI”) becoming more pervasive every day, it should not surprise our readers that regulators are increasingly focused on the use of AI and its associated consumer data privacy...more
On 14 May 2025, the Brussels Court of Appeal (Market Court) delivered the long-awaited judgement in the case concerning the Transparency & Consent Framework (“TCF”) (case no. 2022/AR/292). The Court largely upheld the...more
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
In April, the Office of the Connecticut Attorney General (OAG) released an updated enforcement report under the Connecticut Data Privacy Act (CTDPA) to highlight privacy enforcement actions taken in 2024....more
The Asia-Pacific (APAC) region has experienced a significant increase in internet usage among children, fueled by widespread access to smartphones, affordable data plans, and digital platforms. While this digital...more
Orrick's Founder Series offers monthly top tips for UK startups on key considerations at each stage of their lifecycle, from incorporating a company through to possible exit strategies. The Series is written by members of our...more
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in...more
Last May, Colorado Governor Jared Polis signed into law amendments to the Colorado Privacy Act ("CPA") that impose new obligations governing the collection, processing, retention, and disclosure of Coloradans' biometrics. The...more
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
In August 2024, China Judgements Online published a ruling issued by the Guangzhou Internet Court on September 8, 2023, in a case widely regarded as China’s first judicial decision addressing cross-border personal information...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
De nombreuses entreprises de services financiers sont tenues en vertu de lois et de règlements de vérifier l’identité de leurs clients. Il existe des outils technologiques novateurs qui simplifient le processus de...more
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the...more
The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
Businesses need to remain vigilant regarding recent developments in consumer-based data privacy class actions. In recent weeks, the plaintiff class action bar has filed several lawsuits against The Trade Desk Inc. related to...more
Two recent decisions by Québec’s data protection authority, the Commission d’accès à l’information (the “CAI”), should serve as cautionary tales for any business contemplating the deployment of biometric information...more
On March 20, 2025, the new Federal Law for the Protection of Personal Data held by Private Parties (LFPDPPP of 2025) was published in the Official Gazette of the Federation. The LFPDPPP of 2025 entered into force on March 21,...more
The recent decision by the Commission d’accès à l’information du Québec (CAI) regarding a popular grocer’s biometric data project in Quebec has far-reaching implications for other businesses considering or currently using...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
The Israeli Privacy Protection Authority (PPA) has issued a new statement introducing a significant change in the interpretation of the law and in the required methods for obtaining consent to the collection and processing of...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
The year 2025 is certain to be a watershed for social media legislation and litigation. As it continues to shape how we connect, share, and consume information, social media remains at the forefront of public discourse due to...more
If you are the owner of a telemarketing business, there is a good chance that you are familiar with The Campaign Registry (“TCR”). TCR registration is essential for businesses for several reasons. Crucially, it ensures that...more