No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
Last week, we introduced you to the ARMA IGIM Framework. What’s next? Every successful Information Governance (IG) program starts with a strong base....more
Key Takeaways - - Texas’ new law governing artificial intelligence, which takes effect at the start of 2026, introduces both familiar and novel regulations on the use of AI by companies and government entities. - Provisions...more
The Texas Responsible Artificial Intelligence Governance Act (TRAIGA), which was signed into law by Governor Greg Abbott on June 22, 2025, and is effective January 1, 2026, establishes a framework for regulating the...more
Editor’s Note: Europe’s regulatory landscape has undergone a fundamental transformation, extending far beyond GDPR’s foundational framework to encompass a complex ecosystem of interconnected laws governing digital platforms,...more
- On 26 March 2025, the European Health Data Space (EHDS) Regulation entered into force. The regulation establishes a comprehensive framework for health-data sharing and access in the EU, with the dual aim of supporting the...more
The intersection of AI and healthcare is outpacing the development of laws and regulations governing the technology. Even in the early days of AI transformation, this is creating uncertainty for healthcare organizations....more
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
Are you storing sensitive data on a shared network drive? If so, your organization could be at serious risk of a data breach or privacy lawsuit. Shared drives, like the common “S:\ drive,” are often used to store documents,...more
Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies,...more
On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
This complimentary webinar will delve into the real-life aspects of implementation – with a focus on organizational preparedness and proactive strategic foresight. Join us as we discuss how to design and roll out a...more
Although Artificial intelligence (“AI”) has been a matter of intense public interest for several years, few substantive laws regulate its use. Reasons for this include a lack of clarity about the scope of what needs to be...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
The Securities and Exchange Commission (SEC) has previously provided guidance through risk alerts, proposed rules, and enforcement actions that outline expectations for registered investment advisers and other financial firms...more
When evaluating where artificial intelligence has had the most impact, many think of their personal use of AI or the integration of AI into many consumer applications. The use of AI in the employment context is on the back...more
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard...more
Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more
The Data Security Program (DSP), implemented by the Department of Justice's National Security Division (DOJ/NSD) under Executive Order 14117 (Preventing Access to Americans' Bulk Sensitive Personal Data and United States...more
On May 8, 2025, the governor of Montana signed into law SB 297, which amends the Montana Consumer Data Privacy Act (MCDPA). The amendments become effective on October 1, 2025. Among other things, SB 297: • amends the...more
As questions of trust, surveillance, and data sovereignty become central to global trade, businesses face mounting pressure to prove not just compliance but true accountability. That’s why we turned to Constantine...more
Organizations must continuously review and refine their data governance strategies to keep pace with a regulatory environment that is shifting at an unprecedented rate. In response to mandates for stronger compliance...more
Below, we catalog certain current state laws regulating the development and use of AI systems and technologies passed between 2019 and 2025. This list focuses on legislative initiatives that have passed and are in effect or...more