AI Legislation: The Statewide Spotlight - Regulatory Oversight Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
AI Legislation: The Statewide Spotlight — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
The Next FCRA Frontier: Identity Theft and CFPB Updates — FCRA Focus Podcast
Episode 366 -- DOJ Issues Data Security Program Requirements
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — The Good Bot Podcast
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Innovations in Compliance: Data Collection & Cybersecurity with ModeOne’s Matt Rasmussen and Ryan Frye
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
What is the CCF?
AI in Employment: Navigating the Legal Landscape with Lessons from I, Robot — Hiring to Firing Podcast
A Less is More Strategy for Data Risk Mitigation
Auditing Your Hotline and Case Management System
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
Compliance Tip of the Day: AI for Whistleblower Anonymity
The NAIC’s privacy protections and cybersecurity working groups have continued their building efforts....more
As we approach the end of many states’ legislative sessions, we’re seeing more action in committees and fewer introductions of new proposals. There are no new comprehensive privacy law proposals to cover since our last update...more
Welcome to our fourth issue of 2025 of Decoded - our technology law insights e-newsletter. We hope you enjoy this issue and thank you for reading. Sector by Sector: How Data Breaches are Wrecking Bottom Lines - “Data...more
If you are a compliance professional for a U.S.-based company, you have probably been told at some point that you have to worry about the General Data Protection Regulation (GDPR). Have you encountered one of these...more
While March featured a flurry of newly introduced comprehensive privacy bills, state legislatures now appear to be primarily focused on pushing existing proposals through the chambers. ...more
As noted in our last two client alerts, the issue as to who should be the watchdog to protect consumer personal data is coming to a head in the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors...more
The states bounced back from a somewhat quiet previous biweekly update with several noteworthy developments in the last two weeks. A total of five new state comprehensive privacy bills were introduced in Maine (LD 1224),...more
Several state attorneys general (AGs) and the Federal Trade Commission (FTC) have begun scrutinizing ancestry tracking company 23andMe following its recent announcement that it has filed for Chapter 11 bankruptcy. As part of...more
El pasado 20 de marzo de 2025 se publicó la nueva Ley Federal de Protección de Datos Personales en Posesión de los Particulares (“LFPDPPP”) que entró en vigor el 21 de marzo del presente año y que contiene importantes cambios...more
On March 20, 2025, the new Federal Law on the Protection of Personal Data Held by Private Parties (FLPPD) was published. This law came into force on March 21, and contains important changes in terms of privacy....more
The chapter 11 bankruptcy cases of 23andMe Holding Co. and its affiliated debtors (collectively, “23andMe”), the company that provides direct-to-consumer genetic testing and ancestry services, has prompted a wave of panicked...more
To commemorate the six months since the Oregon Consumer Privacy Act (“OCPA”) became effective, Oregon Attorney General Dan Rayfield released earlier this month a Report summarizing complaints received from consumers about...more
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
On March 14, the California Privacy Protection Agency (CPPA) Board announced it appointed Tom Kemp as the CPPA’s executive director, effective April 1. Kemp enters the CPPA with experience as a policy advisor, cybersecurity...more
On March 15, Kentucky passed HB 473 (the “bill”), which amends the Kentucky Consumer Data Protection Act (the “Act”), whose passage was previously covered by InfoBytes and goes into effect on January 1, 2026. The bill creates...more
As we progress deeper into the 2025 legislative season, comprehensive privacy law proposals continue to progress through the legislative process. In the weeks since our last update, Kentucky amended its comprehensive data...more
Keypoint: Last week, Kentucky’s governor signed a bill amending the state’s data privacy law while bills advanced in Connecticut, Illinois, New Hampshire, Pennsylvania, Tennessee, Texas, and West Virginia....more
Last week, the California Privacy Protection Agency (CPPA) settled its first non-data broker enforcement action against American Honda Motor Co. for a $632,500 fine and the implementation of certain remedial actions....more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
On February 26 2025, the California Privacy Protection Agency (CPPA) published its first annual report for 2024 (Report). The Report highlights that the CPPA recovered more than USD170,000 of administrative fines for data...more
On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer...more
Digital health care companies have navigated a wave of new developments at the Federal Trade Commission (FTC) over the past few years. With new leadership in the Trump Administration, the FTC may be poised to change some of...more
The California Privacy Protection Agency (CPPA) has reached a settlement with American Honda Motor Co., Inc. (Honda), as outlined in this Order of Decision. The Order is the CPPA’s first public enforcement action involving a...more