When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
The English High Court recently granted a bank permission to transfer personal data disclosed in court proceedings to an authority in Ukraine, a country without UK GDPR adequacy status. The Judge found that the transfer fell...more
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals. According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by...more
A recent conversation I had raised a new concern surrounding the use of Generative AI that is worth talking through. Will using Generative AI tools violate obligations surrounding the storage and review of documents...more
The Internal Revenue Service (IRS) has begun the process of informing over 70,000 taxpayers that their confidential tax information was leaked in a widespread breach by a former IRS contractor. Those impacted should take...more
Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
What Happened - On July 26, the U.S. Securities & Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule on a 3-2 vote. The final rule is a modified...more
A former hospital worker in Arizona was sentenced to 54 months in prison and ordered to pay restitution after pleading guilty to two felony counts involving identity theft and health information disclosure. In the plea deal,...more
Washington state’s My Health, My Data Act (the Act), signed into law in April 2023, is a broad health data privacy law designed to protect consumer health data that falls outside the scope of HIPAA, such as health-related...more
Five former Memphis-based hospital employees and another man have pled guilty to unlawfully disclosing patient information in violation of HIPAA, U.S. Attorney for the Western District of Tennessee Kevin Ritz announced....more
Introduction: Tracking Software in the Healthcare Industry - Privacy-related concerns have become increasingly prominent in recent years, especially with the widespread use of third-party tracking tools such as tracking...more
On the first day of Hong Kong Arbitration Week 2022, Morrison Foerster hosted a hybrid panel on “Implications of PRC’s Evolving Data Protection Laws on Disclosure and Participation of PRC Parties in International...more
On August 19, 2022, the Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) published a public notice to contractors about a Freedom of Information Act (FOIA) request from the Center for Investigative...more
On August 1, 2022, the Court of Justice of the European Union (CJEU) issued an opinion regarding a Lithuanian data protection case that may signal an expansion of interpretation of the definition of sensitive personal data...more
On January 18, 2022, the European Data Protection Board (the "EDPB") issued the Guidelines 01/2022 on data subject rights - Right of access (the "Draft Guidelines"), laying out its interpretation of Article 15 GDPR on the...more
Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA) may be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store,...more
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine....more
A new decision from the First Circuit upholding the federal government’s authority to search the electronic devices of anyone entering the United States — in some instances without a warrant, probable cause, or even...more
On December 10, 2020, the Department of Health and Human Services (HHS) announced proposed revisions to the HIPAA Privacy Rule that would significantly impact the day-to-day operations of HIPAA covered entities. In this...more
Our Virtual Regional Compliance Conferences provide updates on the latest news in regulatory requirements, compliance enforcement, and strategies to develop effective compliance programs. Watch, listen, and ask questions from...more
In a recent Holland & Knight webinar, Partners Kara Ariail, Brandon Elledge, and Terry Elling discussed trade secrets and related issues affecting government contractors when employees are hired or leave. In case you missed...more
Phishing. Spoofing. - These words may sound silly, but for employers, they are anything but. Phishing is the attempt to obtain sensitive electronic information—such as usernames, passwords, or financial...more
• The Freedom of Information Act (FOIA) officer for the city of Aurora, Ill., released "largely unredacted" documents in response to an incarcerated felon's request for information about the police officers who worked the...more
While courts and the Federal Rules of Evidence take an increasingly pragmatic approach to the question of when inadvertent disclosure of privileged information results in waiver, a recent federal magistrate’s ruling serves as...more
A New York district court opinion is the latest addition to our watch of ongoing VPPA-related disputes, a notable decision on the issue of what exactly is a disclosure of “personally identifiable information” (PII) under the...more