A Less is More Strategy for Data Risk Mitigation
Data Retention and Document Holds
Healthcare Document Retention
The NYDFS Updates Its Stringent Cybersecurity Regulations. Is This a Bellwether of Coming Industry Change? - The Consumer Finance Podcast
Spring Cleaning for Legal Teams: The Cloud and Defensible Deletion of Data
M365 in 5 – Part 7: Teams Audio/Video (A/V) Conferencing
M365 in 5 – Part 6: Teams Channels – The virtual collaboration workspace
M365 in 5 – Part 5: Teams Chats – Modern communications
M365 in 5 – Part 4: Teams – An introduction to collaboration
M365 in 5 – Part 3: OneDrive for Business – Protected personal collaboration
M365 in 5 – Part 2: SharePoint Online – The new file-share environment
M365 in 5 – Part 1: Exchange Online – Not just a mailbox
Sitting with the C-Suite: Information Governance and eDiscovery - Key Compliance Issues for In-House Counsel
Sitting with the C-Suite: Trial Teams – Narrowing Data through Centric Search
Sitting with the C-Suite: Normalizing Business Practices through Litigation Data
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
[WEBINAR] Public Records Act - Taming the Email Tiger
E14: The Three Pillars of GDPR
Three Key Data Retention Questions
On April 9, 2025, the coalition agreement of the future German Federal Government, consisting of the three German parties CDU, CSU and SPD, was published. The document entitled “Responsibility for Germany” contains several...more
The Belgian legislature recently adopted a new act on private investigations ("Act")....more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
Data minimization is a legal and operational necessity in today’s privacy landscape. There are now legal and operational curbs to the pervasive practice of keeping everything forever. With the rise of global frameworks like...more
As of January 1, 2025, the Israeli Privacy Protection Regulations (Instructions for data being transferred to Israel from the European Economic Area) will also apply to data being stored or processed in Israel or in other...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
Unstructured Data Is Everywhere in Your Organization — And Just Waiting To Cause Trouble - Unstructured Data Cleanup is an information governance practice focused on the permanent deletion of information that is no longer...more
The Italian Data Protection Authority has adopted an updated version of a guideline document on email retention that it originally issued in December 2023, but which had been suspended....more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
Introduction - The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU regulation which is directly applicable in all member states of the EU, including the Czech Republic, as of 25 May 2018. The new...more
Editor’s Note: In this insightful discussion between John Wilson, Chief Information Security Officer and President of Forensics at HaystackID, and Rene Novoa, Director of Forensics at HaystackID, we delve into the intricate...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
The United Kingdom’s Information Commissioner’s Office recently issued guidance on how to keep employment records. This is good advise for employers beyond Europe (and particularly in California). The data retention...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
If you don’t know where your business collects, stores, and processes consumer data, you can’t manage that data in a compliant fashion. You won’t know whether...more
On 4 May 2023, the European Court of Justice (CJEU) delivered its highly anticipated judgement in Österreichische Post (Case C-300/21) on a crucial issue: the extent to which data subjects affected by a breach of the GDPR...more
2023 may be the year of privacy laws. Five states have new laws that go into effect this year, which will likely usher in a new era of consumer privacy protections in the United States....more
What data can companies collect, and how long can they keep it? Our Privacy, Cyber & Data Strategy Team outlines best practices for companies to comply with international, federal, and state laws and guidance to avoid...more
The British Virgin Islands ("BVI") Data Protection Act, 2021 ("DPA") came into force on 9 July 2021. It was introduced so the BVI would have a data protection framework which is broadly similar to EU and UK standards. To...more
Implementing legal holds quickly and effectively is key to maintaining defensibility during litigation and investigations. When a matter involves U.S. law, parties have a duty to preserve relevant information once litigation...more
You need a data retention plan. No really. And not just in the European Union. In California too. Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more
FTC Is Tracking Twitter Developments With “Deep Concern” - Elon Musk’s recent purchase of Twitter has led to numerous resignations in the security department. Most recently, Twitter’s chief information security officer,...more
Our 2022 Data Security Incident Response Report discussed how businesses can be better positioned to meet the tight data breach notification deadlines now imposed in dozens of countries worldwide. In particular, we...more
Employers often want to have a data retention policy that works for all of their international operations. We look at the challenges with this approach and how to make it work in practice....more