Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
The UK’s Data (Use and Access ) Act 2025 (“DUA Act”), which received royal assent on 19 June 2025, represents a significant reform to UK data law and reflects Britain’s ambition to spur tech innovation by freeing up the flow...more
For AI companies in the health care space, data is everything. It fuels model performance, drives product differentiation, and can make or break scalability. Yet too often, data rights are vaguely defined or completely...more
Commercial contracts are a foundational element of any business. Whether you’re a startup, a well-established company, or somewhere in between, these agreements set the stage for how business will be conducted, outline roles...more
Executive Summary - The EU Data Act, whose requirements apply from 12 September 2025, establishes new rights for businesses and consumers to access data they generated using “connected devices,” limiting the exclusive...more
On 17 March 2025, the Australian Government published Model Clauses to help government purchasers manage vendor relationships when procuring AI technology based systems and services. The Model Clauses cover issues relevant to...more
Generative AI (GenAI) vendors, models, and uses cases are not created equal. Model providers must be trusted to handle sensitive data. Models, like tools in a toolbox, may be better suited for some jobs than others. Use cases...more
Are you using artificial intelligence in your business operations? Do you have AI embedded in the goods and services you offer customers? The regulatory framework applicable to AI continues to develop, including across US...more
We are excited to welcome Mathilde Carle as a partner in Morgan Lewis’s Paris office and as a guest contributor to our Tech & Sourcing Spotlight series to discuss intellectual property (IP) protection and other related issues...more
The integration of artificial intelligence (AI) tools in healthcare is revolutionizing the industry, bringing efficiencies to the practice of medicine and benefits to patients. However, the negotiation of third-party AI tools...more
The European Commission (EC) has released an updated version of the Model Contractual Clauses for AI Procurement (MCC-AI), providing further guidance for public-sector buyers navigating AI procurement under the European Union...more
Artificial intelligence (AI) is reshaping the future of manufacturing. As manufacturing operations shift back to the U.S. in response to recent tariff policies, general counsels (GCs) in the manufacturing sector face a...more
During the course of 2024, interest in generative and other types of artificial intelligence, machine learning and predictive applications and services (collectively, AI) accelerated across industries. Some sectors, such as...more
Recently, we had the opportunity to advise some clients who worked with a third-party vendor that maintained custody of personal information pertaining to our clients’ respective end users. The vendor suffered a data breach...more
On January 14, 2024, the Departments of Labor, Health and Human Services, and the Office of Personnel Management (the “Departments”) jointly released the FAQs About Consolidated Appropriations Act, 2021 Implementation Part 69...more
Virtually every business has signed an agreement with a software as a service (“SaaS”) provider at one time or another. And now, virtually every SaaS provider (it seems, at least) is coming out with an AI-related feature or...more
The tightening of privacy and data protection compliance obligations in Canada and the United States, has led to increasingly comprehensive “data security and privacy” representations and warranties in purchase agreements, as...more
Right now, we are all taking stock of the many important issues and challenges we saw crop up for clients last year, trying to predict what they will face in the coming year, and strategizing about how we can help....more
As the new year begins, prudent service providers will review and consider updating their contract forms to ensure they align with the company's strategic goals and comply with any current or upcoming laws and regulations. ...more
Earlier this year, firm Associate Darden Copeland attended The Racing Attorney Conference (TRAC) for its 15th annual conference at Circuit of the Americas in Austin, Texas. ...more
Tech Vendors and Cybersecurity – Are They Responsible? It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you...more
Although all fifty states now have data breach notification statutes on the books, a smaller but growing number of states have adopted substantive data privacy laws. The recently passed California Privacy Rights Act (CPRA)...more
Security Schedules, Privacy Addenda, TOMs, DPAs—whatever you call them, privacy and cybersecurity contract terms have exploded in prevalence in recent years, bringing with them new importance that can lead to difficult and...more
The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision....more
Employers’ engagement and use of various types of vendors has expanded recently, to include vendors who assist with office re-entry screening and contact tracing as employees return to work during the COVID-19 pandemic. ...more
It has been rough weather for Google in France. Three weeks after the French ?Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande...more