We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
With three new state privacy laws that took effect on January 1, 2026 (Indiana, Kentucky, and Rhode Island), adding to an extensive list of others, many organizations are discovering that their website privacy practices...more
Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies....more
Enforcement of the Indiana Consumer Data Protection Act (CDPA) has begun, and its penalties can add up quickly. The CDPA was signed in 2023 and became effective January 1, 2026. The law governs how covered businesses collect,...more
As our readers know, the use of internet tracking technologies on consumer-facing websites is widespread. Utilization of these third-party tracking tools, however, has led to a proliferation of lawsuits alleging that...more
Senate Bill 1295, entitled, An Act Concerning Broadband Internet, Gaming, Social Media, Online Services and Consumer Contracts (“Senate Bill 1295”, the “Senate Bill”, or the “Bill”), was passed by Connecticut legislature in...more
Throughout 2025, we saw a noticeable uptick in requests from California residents invoking their rights under the state’s “Shine the Light” law, Cal. Civ. Code § 1798.83. ...more
Publishing a website privacy policy is now standard practice. But assuming that a single, generic policy covers everything is inherently risky. In reality, privacy obligations can arise from several directions: baseline...more
Although Indiana adopted the Consumer Data Protection Act (CDPA) in 2023, on January 1, 2026, the CDPA rubber officially hit the road. This data privacy law regulating how businesses must handle the personal information of...more
As privacy regulations continue to evolve in the U.S., states are increasingly requiring businesses to honor universal opt-out signals that communicate a consumer’s data-sharing preferences. Global Privacy Control (GPC) is a...more
Is your website’s privacy policy up-to-date? For businesses covered by the California Consumer Privacy Act (CCPA) and the expanded 2026 regulations, annual reviews and updates are required—not optional....more
Does your company operate a website and do business in California? If so, you may soon receive (if you have not already) a letter from a law firm on behalf of a California resident aggrieved by your alleged violation of the...more
Question: I’m aware that there are new state consumer privacy laws coming into effect on January 1, 2026, along with recently approved CCPA regulations. Do I need to update my business’s privacy policy and other...more
As you slowly emerge from your tryptophan coma next week, and realize that the first of December is upon us, many complex legal tasks may seem too daunting to face. Luckily, the privacy team at Stoel Rives has developed a...more
During a recent gathering of data privacy and security experts, regulators from the Maryland and Delaware Offices of Attorney General provided their insights regarding priorities for state privacy enforcement and...more
Recent developments from the Network Advertising Initiative (NAI) and the California Privacy Protection Agency (CPPA) impact how businesses manage consumer opt-out preferences and Global Privacy Control (GPC) signals. Below...more
A federal judge in San Francisco just gave website operators a major win, calling the California Invasion of Privacy Act “a total mess” – but the ruling also highlights major privacy risks businesses still face nationwide....more
In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; (3) Courts disagree whether disclosure of...more
Pennsylvania could soon join the growing list of states to enact comprehensive data privacy laws, and businesses that operate in PA must take note. Earlier this month, the commonwealth’s House passed a bipartisan consumer...more
On September 30, the California Privacy Protection Agency (“CPPA” or “Agency”) announced a $1.35 million settlement – the largest in the agency’s brief history – with Tractor Supply Company (“Tractor Supply”), a rural...more
A growing number of U.S. states are requiring businesses to offer mechanisms in their privacy policies or online interfaces to allow individuals to "opt out" of data collection. However, in increasing numbers, many states are...more
For those keeping track of the growing list of US state “comprehensive” privacy laws, you know that the Maryland law (the Maryland Online Data Privacy Act or MODPA) went into effect on October 1st. This rounds us out for US...more
On September 30, the California Privacy Protection Agency (CPPA) announced a stipulated final order requiring a national retailer to pay a $1.35 million fine and implement remedial measures to resolve alleged violations of...more
In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act which created a significant compliance burden for most businesses that collect personal information about...more
The California Privacy Protection Agency (CPPA) shows no signs of slowing its California Consumer Privacy Act (CCPA) enforcement. Its latest action against Tractor Supply Company once again targets CCPA opt-out compliance,...more
The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and...more