When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Uncovering Hidden Risks: Ep 13 - Unveil Data Security Paradoxes
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
On July 11, a split U.S. Court of Appeals for the Eleventh Circuit partially vacated the greenlighting of two data breach class actions, holding that a district court must re-analyze the boundaries of the classes. Both the...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
The Ontario Court of Appeal recently released a trilogy of decisions (Winder v. Marriott International, Inc., 2022 ONCA 815; Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814; Owsianik v. Equifax Canada Co., 2022 ONCA 813)...more
On October 31, 2022, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Chegg, an edtech company, over its security practices that resulted in four security breaches in three years....more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
In order to regulate cross-border data transfers in accordance with the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, the Cyberspace Administration of China (CAC) released the Measures...more
As you may recall from our previous advisory, "The European Commission Implements New Standard Contractual Clauses", existing data sharing contracts that include the old standard contractual clauses ("SCCs") will only remain...more
When the UK Government first introduced the Online Safety Bill (the "Bill") to Parliament, it lauded the Bill as creating "world-leading online safety laws" which "marked a milestone in the fight for a new digital age". The...more
In a first of its kind trial, a defendant accused of negligently responding to a data breach was cleared of all liability by a jury last month. After two hours of deliberation, the jury rejected plaintiff’s claim that the...more
Biometric data is becoming increasingly pervasive in our daily lives—we use it to unlock smartphones, gain entry to entertainment venues, access secured locations, and record time and attendance on the job site....more
The Commonwealth of Massachusetts is moving closer to passing consumer data privacy protection legislation with bipartisan support. The Joint Committee on Advanced Information Technology, the Internet and Cybersecurity...more
China’s Personal Information Protection Law, adopted August 20, 2021, becomes effective on November 1. The PIPL establishes a comprehensive data protection structure for the collection, use, and disclosure of the personal...more
When the DSL goes into effect on September 1, 2021, it will impose certain restrictions on a company's ability to transfer data out of China without the prior approval of Chinese authorities. One significant restriction is...more
On August 20, 2021, the Standing Committee of the National People’s Congress adopted the Personal Information Protection Law of the People’s Republic of China (the “Personal Information Protection Law”). The Personal...more
The Ministry of Service Alberta is seeking public input on the province's statutory privacy protections. This follows Ontario's recent gesture to modernize its privacy framework and request feedback, which we discussed in...more
Last week, a federal court in Illinois ruled that the Illinois Biometric Information Privacy Act (BIPA) (740 ILCS § 14/1 et seq.) can apply to companies that do not exclusively control consumers’ biometric data, denying an...more
On April 30, 2021, the Government of Ontario introduced Building a Digital Ontario, the province's new digital and data strategy, which lays the foundation for Ontario to become "the world's leading digital jurisdiction."...more
On April 26, the second draft of the Data Security Law was submitted to the Standing Committee of the National People’s Congress for deliberation through May 28, 2021. Compared to the first draft submitted in July last year,...more
A recent decision of the U.S. District Court for the District of Columbia further erodes a defendant’s claim of privilege with respect to expert reports related to data breaches. However, it also provides important...more
A coalition of African nations have developed a data protection framework with the goal of centralizing data protection laws and the digital economy across Africa. Currently, five countries, including Nigeria, are testing the...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4...more
Today the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Resources announced that a Georgia orthopedic clinic agreed to pay $1.5 million and adopt a two-year corrective action plan to settle potential...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more