We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
Senate Bill 1295, entitled, An Act Concerning Broadband Internet, Gaming, Social Media, Online Services and Consumer Contracts (“Senate Bill 1295”, the “Senate Bill”, or the “Bill”), was passed by Connecticut legislature in...more
Every day, businesses collect personal information such as names, email addresses, phone numbers and payment details. This information is valuable and must be handled carefully. Unfortunately, cyberattacks and data leaks are...more
As we enter 2026, the changes of the last several years are no longer abstract. Technology decisions are now examined closely by regulators, courts and counterparties, often long after those decisions were made. At the same...more
Although Indiana adopted the Consumer Data Protection Act (CDPA) in 2023, on January 1, 2026, the CDPA rubber officially hit the road. This data privacy law regulating how businesses must handle the personal information of...more
As you slowly emerge from your tryptophan coma next week, and realize that the first of December is upon us, many complex legal tasks may seem too daunting to face. Luckily, the privacy team at Stoel Rives has developed a...more
During a recent gathering of data privacy and security experts, regulators from the Maryland and Delaware Offices of Attorney General provided their insights regarding priorities for state privacy enforcement and...more
“Trap and trace” and website privacy lawsuits are on the rise nationwide. Plaintiffs’ lawyers are zeroing in on companies that use chat tools, analytics, or ad pixels without proper disclosures or consent. The common thread?...more
Recent developments from the Network Advertising Initiative (NAI) and the California Privacy Protection Agency (CPPA) impact how businesses manage consumer opt-out preferences and Global Privacy Control (GPC) signals. Below...more
As we’ve said, privacy compliance has long since evolved beyond check-the-box expectations. Today, organizations can no longer afford to be passive about privacy, and instead must be actively engaged in managing all aspects...more
Employers in Washington who use biometric timekeeping or security tools should take note of recent developments. While current state laws provide some exemptions for employment-related uses of biometric data, new litigation...more
On September 30, the California Privacy Protection Agency (“CPPA” or “Agency”) announced a $1.35 million settlement – the largest in the agency’s brief history – with Tractor Supply Company (“Tractor Supply”), a rural...more
A growing number of U.S. states are requiring businesses to offer mechanisms in their privacy policies or online interfaces to allow individuals to "opt out" of data collection. However, in increasing numbers, many states are...more
As discussed in Part One of our Privacy Under Fire series, tools such as disclosures and cookie banners can no longer be treated as boilerplate. Recent lawsuits against high-profile companies show how these policies are being...more
As a reminder, The Campaign Registry (“TCR”) continues to be mandatory for telephone numbers that are routed through a virtual phone service provider (“service provider”). The goal of TCR registration is to prevent spam and...more
A comprehensive and regularly updated data privacy policy, along with clear online terms of use, is essential for retailers who engage with customers through websites, mobile applications, or social media platforms. These...more
As of September 15, 2025, the NAI has discontinued its cookie- and email-based opt-out tools. Companies should update their privacy policies accordingly, as links to the NAI tool will no longer function....more
Michigan lawmakers are considering sweeping updates to the state’s identity theft protection law while also debating whether Michigan will become one of nearly half the states that have passed a consumer privacy law. Fisher...more
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods....more
On July 30, 2025, a wine producer was sued in connection with a cyberattack that allegedly compromised the data of at least 26,000 customers. Among other things, the complaint alleges that the company failed to implement...more
Researchers at Arizona State University and Citizen Lab have discovered that three families of Android VPN applications, used by millions of people worldwide, are related and owned by companies or individuals located in...more
In today’s digital landscape, a website privacy policy is no longer just a legal formality—it’s a critical shield for your business and a trust-building tool for your customers. Here’s why every company should prioritize...more
A recent high-profile breach at a women-focused dating app underscores how quickly a privacy misstep can escalate into lawsuits and reputational harm. The incident offers a cautionary tale for any company handling sensitive...more
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
Amendment 13, which significantly updates privacy laws in Israel, has come into effect! If you still don’t know what to do to comply with the requirements, we’ve prepared a guide to help you address the main issues (not all...more
On May 1, 2025, the California Privacy Protection Agency (CPPA) issued a Final Order in one of its first public enforcement actions under the California Consumer Privacy Act (CCPA), imposing a fine of nearly $350,000 on the...more