We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
Enforcement of the Indiana Consumer Data Protection Act (CDPA) has begun, and its penalties can add up quickly. The CDPA was signed in 2023 and became effective January 1, 2026. The law governs how covered businesses collect,...more
As our readers know, the use of internet tracking technologies on consumer-facing websites is widespread. Utilization of these third-party tracking tools, however, has led to a proliferation of lawsuits alleging that...more
Throughout 2025, we saw a noticeable uptick in requests from California residents invoking their rights under the state’s “Shine the Light” law, Cal. Civ. Code § 1798.83. ...more
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more
Publishing a website privacy policy is now standard practice. But assuming that a single, generic policy covers everything is inherently risky. In reality, privacy obligations can arise from several directions: baseline...more
Compliance sweep to be undertaken by the OAIC - The Office of the Australian Information Commissioner (the OAIC) has kick-started the year by beginning its first compliance sweep. The OAIC will select approximately 60...more
As announced in late 2025, the Office of the Australian Information Commissioner (OAIC) will in this month commence a crackdown on the privacy policies of organisations that collect information in-person. The OAIC has...more
Does your company operate a website and do business in California? If so, you may soon receive (if you have not already) a letter from a law firm on behalf of a California resident aggrieved by your alleged violation of the...more
Over the last several years, plaintiffs’ attorneys and other individuals have used antiquated wiretapping laws, including California’s 1967 wiretapping act, to allege that businesses with websites utilizing third parties and...more
Question: I’m aware that there are new state consumer privacy laws coming into effect on January 1, 2026, along with recently approved CCPA regulations. Do I need to update my business’s privacy policy and other...more
Claimants are reviving a 1960s-era wiretapping law to challenge common website tracking tools – including pixels, session replay, chat widgets, and more. Data privacy and compliance professionals navigate an increasing number...more
During a recent gathering of data privacy and security experts, regulators from the Maryland and Delaware Offices of Attorney General provided their insights regarding priorities for state privacy enforcement and...more
“Trap and trace” and website privacy lawsuits are on the rise nationwide. Plaintiffs’ lawyers are zeroing in on companies that use chat tools, analytics, or ad pixels without proper disclosures or consent. The common thread?...more
While it’s common for companies to think that simply having a data privacy policy is enough to meet privacy law requirements, a strong privacy program involves much more than what’s visible on the “stage.” Behind the curtain,...more
Does your company’s website use automated bots to interact with visitors? A wave of Florida-based privacy litigation has created new compliance considerations for businesses that use what are now commonplace website tools. If...more
Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; (3) Courts disagree whether disclosure of...more
The California Privacy Protection Agency (CPPA) shows no signs of slowing its California Consumer Privacy Act (CCPA) enforcement. Its latest action against Tractor Supply Company once again targets CCPA opt-out compliance,...more
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan....more
As discussed in Part One of our Privacy Under Fire series, tools such as disclosures and cookie banners can no longer be treated as boilerplate. Recent lawsuits against high-profile companies show how these policies are being...more
After a three-week trial, on Sept. 3, a California federal jury found Google liable for two California law-based claims in invasion of privacy and common-law inclusion upon seclusion. The class action, Rodriguez v. Google...more
Three years after its investigation commenced, the Office of the Australian Information Commissioner (OAIC) has found that retail giant Kmart Australia Limited (Kmart) breached the Privacy Act 1988 (Cth) (Privacy Act) through...more
Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google...more
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods....more
In today’s digital landscape, a website privacy policy is no longer just a legal formality—it’s a critical shield for your business and a trust-building tool for your customers. Here’s why every company should prioritize...more