We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
Businesses that run consumer-facing websites have spent the past several years contending with a steady stream of California Invasion of Privacy Act (CIPA) demands and class actions aimed at everyday digital tools such as...more
Florida has suddenly become flooded with “digital wiretapping” lawsuits or demand letters targeting companies that use standard tracking technologies on their websites or in marketing emails. While historically many of these...more
Over the last several years, plaintiffs’ attorneys and other individuals have used antiquated wiretapping laws, including California’s 1967 wiretapping act, to allege that businesses with websites utilizing third parties and...more
Businesses may be feeling a bit of whiplash from a recent federal court ruling on California’s wiretapping law and should be on alert for whether their website tracking technology could be used to file a viable lawsuit. On...more
Claimants are reviving a 1960s-era wiretapping law to challenge common website tracking tools – including pixels, session replay, chat widgets, and more. Data privacy and compliance professionals navigate an increasing number...more
As you slowly emerge from your tryptophan coma next week, and realize that the first of December is upon us, many complex legal tasks may seem too daunting to face. Luckily, the privacy team at Stoel Rives has developed a...more
“Trap and trace” and website privacy lawsuits are on the rise nationwide. Plaintiffs’ lawyers are zeroing in on companies that use chat tools, analytics, or ad pixels without proper disclosures or consent. The common thread?...more
Recent developments from the Network Advertising Initiative (NAI) and the California Privacy Protection Agency (CPPA) impact how businesses manage consumer opt-out preferences and Global Privacy Control (GPC) signals. Below...more
While it’s common for companies to think that simply having a data privacy policy is enough to meet privacy law requirements, a strong privacy program involves much more than what’s visible on the “stage.” Behind the curtain,...more
As we’ve said, privacy compliance has long since evolved beyond check-the-box expectations. Today, organizations can no longer afford to be passive about privacy, and instead must be actively engaged in managing all aspects...more
A California federal court recently handed businesses another major victory in the ongoing wave of privacy lawsuits targeting website analytics and tracking tools. On September 30, Judge Fernando Aenlle-Rocha of the Central...more
In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; (3) Courts disagree whether disclosure of...more
California’s Invasion of Privacy Act (CIPA) was enacted in 1967 to prevent unlawful wiretapping. Nearly sixty years later it is being used in a new way: to challenge how websites collect and share user data. Today,...more
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan....more
Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google...more
As of September 15, 2025, the NAI has discontinued its cookie- and email-based opt-out tools. Companies should update their privacy policies accordingly, as links to the NAI tool will no longer function....more
No more “checking the box.” Privacy policies should no longer be boilerplate for organizations that handle consumer data. Although the policies may be viewed by some organizations as an unimportant “box to check,” they are...more
Officials from California, Colorado, and Connecticut just announced a coordinated investigative sweep targeting companies whose websites may be ignoring automatic opt-out preference signals that users can configure in their...more
On May 1, 2025, the California Privacy Protection Agency (CPPA) issued a Final Order in one of its first public enforcement actions under the California Consumer Privacy Act (CCPA), imposing a fine of nearly $350,000 on the...more
A California bill aimed at curbing the explosion of lawsuits filed against businesses using common website tools like cookies, pixels, and session replay software has stalled out in the 2025 legislative session, meaning your...more
Healthline Media has agreed to pay $1.55 million to resolve allegations that it violated the California Consumer Privacy Act (CCPA) – which is the largest settlement to date under the state’s landmark privacy law. The...more
In a recent decision, the U.S. District Court for the Northern District of California has construed the private right of action provision under the California Consumer Privacy Act (CCPA) broadly, which increases business risk...more
Businesses need to remain vigilant regarding recent developments in consumer-based data privacy class actions. In recent weeks, the plaintiff class action bar has filed several lawsuits against The Trade Desk Inc. related to...more
Businesses just received some good news when a federal court dismissed a California Invasion of Privacy Act (CIPA) claim that aimed to expand the reach of the state’s wiretapping law to cover internet communications. The...more
Effective companies use their websites to engage with visitors, understand their market, and drive sales — but the legal landscape has grown in complexity in recent years such that maintaining a strong website for your...more