FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
AI Talk With Juliana Neelbauer - Episode Three - Cybersecurity Insurance: Coverage Challenges and Changes
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Protect, Prepare, Prevail: Navigating a Complex Cybersecurity World
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Crafting an Effective Law Firm Generative AI Policy for Responsible Business Use: On Record PR
2025 Privacy Law Preview: Be Prepared
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
"Monsters Inc." y el tratamiento de los datos
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
AI Discrimination and Emerging Best Practices – Part 2 - The Good Bot Podcast
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
Malaysia issued a regulatory guideline for data breach notification in February 2025. This article discusses how the new regulation affects businesses in Malaysia. On 25 February 2025, Malaysia's Personal Data Protection...more
Warby Parker Fined $1.5 Million Following HHS Investigation of Credential Stuffing Security Breach - On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a...more
On February 20, 2025, the Polish Personal Data Protection Office (UODO) published an updated version of the guide on personal data protection breaches. The first edition was released in 2018. The latest version...more
Responsible organizations understand that privacy governance is essential for the systematic and compliant management of personal data and for maintaining customer and stakeholder trust. In a world where people increasingly...more
We explore what trustees need to be aware of when dealing with data and complying with their obligations under the Data Protection (Bailiwick of Guernsey) Law, 2017 and related legislation (the "DP Law")....more
The Superintendency of Industry and Commerce (Superintendencia de Industria y Comercio or SIC) of Colombia has reiterated the provisions of External Circular 003 of Aug. 1, 2018, emphasizing that companies and nonprofit...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
The final rule establishes prohibitions and restrictions on the transfer of certain data due to national security risks from specified countries of concern....more
Le 4 décembre 2024, l’Assemblée législative de l’Alberta a adopté deux projets de loi qui abrogeront et remplaceront la loi provinciale actuelle intitulée Freedom of Information and Protection of Privacy Act (la « Loi FOIP...more
The federal government is the biggest purchaser in America and that extends to the SaaS space. On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, offering updated guidelines for the...more
On April 24, 2024, the European Parliament adopted the final text of two new directives, namely: the Platform Work Directive, aimed at improving working conditions and protection of personal data for those engaged in...more
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer...more
The UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) are consulting on proposals to introduce a new financial services regulatory framework on diversity and inclusion (D&I) in the financial...more
People are understandably nervous about sharing personal data no matter the circumstances. That can be especially true regarding estate planning, given the existence of the recently enacted Corporate Transparency Act (“CTA”)....more
A significant number of federal legislative proposals that focus on online child safety have been introduced. If enacted, they would modify online providers’ obligations to remove and report child sexual exploitation (CSE)...more
Legislation requires data brokers to register with the California Privacy Protection Agency and comply with a one-stop consumer deletion mechanism by 2026 - The wave of data privacy legislation in California continues as...more
Adoption of a new law improving the protection of whistleblowers in companies with more than 50 employees. The law implements an EU directive and goes beyond the European requirements. A whistleblower remains a "natural...more
In a notable event on Election Day this November, California voters approved amendments to the California Consumer Privacy Act (CCPA) and enacted a new statute – the California Privacy Rights Act (CPRA). The new statute...more
Just prior to the sweltering hot weekend, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act. Taking effect on March 22, 2020, the law imposes new obligations on entities to...more
On 1 February, 2019, the National Information Security Standardization Technical Committee issued an amended version of the GB/T 35372-2017 Information Technology – Personal Information Security Specification for public...more
Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data...more
Brazil’s New Data Privacy Law - New Legislation Enacted - On August 14, 2018, Brazil enacted its first omnibus data protection law, to become effective in February 2020. ...more