Safeguarding Your Business Data
Navigating the Maze: eDiscovery Essentials for Employers — Hiring to Firing Podcast
Top Healthcare Compliance Priorities for 2025
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
Episode 366 -- DOJ Issues Data Security Program Requirements
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Why Privacy Matters to Your Business and What's in Store for 2025
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Protect, Prepare, Prevail: Navigating a Complex Cybersecurity World
2024 Privacy Trends and Their Impact on Auto Finance – Moving the Metal: The Auto Finance Podcast
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Crafting an Effective Law Firm Generative AI Policy for Responsible Business Use: On Record PR
2025 Privacy Law Preview: Be Prepared
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
Podcast - Decoding the Future of AI Regulation and Frontier Models
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
The Securities and Exchange Commission (“SEC”) has announced the adoption of amendments to Regulation S-P (“Amendments”) to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
Complementing the patchwork of state data breach notification laws, a number of federal agencies recently have promulgated sector-specific reporting rules affecting a variety of companies, both directly and indirectly, with...more
As the federal government, state governments, businesses and other entities continue their response efforts related to the COVID-19 pandemic, the privacy and security of consumers’ personal health information remains a top...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
To mark the one-year anniversary of mandatory breach reporting under the Personal Information Protection and Electronic Documents Act (PIPEDA), the Office of the Privacy Commissioner of Canada (OPC) published a blog post...more
On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act...more
Why does this topic matter to organisations? Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law...more
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more
On October 29, 2018, the Office of the Privacy Commissioner of Canada (OPC) published the final guidance intended to assist organizations in complying with the mandatory breach reporting and record-keeping requirements under...more
CFIUS will continue to have broad jurisdiction to conduct national security reviews of foreign investments that could result in foreign control of a U.S. business. When regulations implementing FIRRMA become effective within...more
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October...more
The final Breach of Security Safeguards Regulations (Regulations) under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) were made on March 26, 2018, and published on April 18, 2018. The...more
In August, 2017, the Federal Trade Commission (“FTC”) proposed a settlement agreement with Uber stemming from its investigation of a 2014 data breach due to Uber’s “unreasonable security practices”. The lengthy investigation...more
The Government of Canada has announced that its proposed data breach notification requirements pursuant to the Digital Privacy Act (the “Act”) will take effect on November 1, 2018. The Act amends Canada’s Personal...more
The recent $575,000 settlement with EmblemHealth signals a push from AG Schneiderman “for stronger security laws and hold[ing] businesses accountable for protecting their customers’ personal data.” Noting New York’s “weak and...more
In mid-January, the General Services Administration (GSA) released their Semiannual Regulation Agenda. Within this agenda, GSA announced plans to update requirements in the General Services Administration Acquisition...more
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach. Forty-seven states require employers to notify employees when defined categories of personal information, including...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more