Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
On 19 June 2025, CNIL published two additional “how-to-sheets” on artificial intelligence, one on the legitimate interest and the other on the collection of data via web scraping. These documents aim to clarify the rules...more
Employers' access to, and retention of, employee medical information can be fraught with legal risk. Even the most seasoned HR professionals have trouble navigating the complex rules and regulations governing employee medical...more
On May 20, 2025, the Commission d’accès à l’information du Québec (CAI) issued a decision regarding the use of in-vehicle video surveillance technology by a delivery company, 13859380 Canada Inc., dba Crane Supply (the...more
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
Montana’s privacy law has received a refresh and updates will go into effect October 1, 2025 – exactly one year since the law took effect. The law was modified with SB 297, and changes include coverage, approach with minors,...more
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney...more
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
California Assembly Bill 2013 (AB 2013), known as the Generative Artificial Intelligence: Training Data Transparency Act, was signed into law on September 28, 2024, and is set to take effect on January 1, 2026. ...more
On June 4, 2025, the Digital Advertising Alliance (“DAA”), the self-regulatory body that sets and enforces privacy standards for digital advertising, announced it is launching a process to determine if it is necessary to...more
Orrick's Founder Series offers monthly top tips for UK startups on key considerations at each stage of their lifecycle, from incorporating a company through to possible exit strategies. The Series is written by members of our...more
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in...more
Last May, Colorado Governor Jared Polis signed into law amendments to the Colorado Privacy Act ("CPA") that impose new obligations governing the collection, processing, retention, and disclosure of Coloradans' biometrics. The...more
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
On May 14, the U.S. District Court for the Eastern District of Kentucky granted a fintech trade organization’s motion to intervene in a case involving a bank plaintiff who sued the CFPB. The court ruled that the association...more
On April 22, 2025, the Federal Trade Commission (FTC) published its final amendments ("the Amendments") to the Children's Online Privacy Protection Act (COPPA) Rule in the Federal Register. The Amendments expand the...more
Data subject access requests (DSARs), or subject rights requests (SRRs), are evolving. Whether your organization is based out of the EU, the US, or elsewhere in the world, consumers’ awareness and expectations are...more
While Andrew Ferguson advocates for a restrained regulatory approach at the FTC, his statements and voting record reveal clear priority areas where businesses can expect continued vigorous enforcement. Two areas stand out in...more
As summer approaches, three new state comprehensive privacy laws are poised to take effect, raising the number of states with effective comprehensive privacy legislation in the US to sixteen (with more to come in 2026). The...more
On April 22, 2025, the Federal Trade Commission’s (FTC) changes to the Children’s Online Privacy Protection Rule (COPPA Rule) were published in the Federal Register. The updates will go into effect on June 23, 2025, and...more
Montana’s governor signed Senate Bill 297 to overhaul key portions of the state’s Consumer Data Privacy Act and bring new protections for minors. The changes bring lower thresholds, updated exemptions, expanded notice...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
On April 14, 2025, the National Institute of Standards and Technology (“NIST”) released draft updates to the NIST Privacy Framework, designed to address current privacy risk management needs, enhance usability, and align the...more
Colorado was the third state in the U.S. to pass comprehensive privacy legislation, following in the footsteps of California and Virginia (the Colorado Privacy Act (the “CPA”). Now Colorado is increasing protections again,...more
In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating...more