We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
Enforcement of the Indiana Consumer Data Protection Act (CDPA) has begun, and its penalties can add up quickly. The CDPA was signed in 2023 and became effective January 1, 2026. The law governs how covered businesses collect,...more
Senate Bill 1295, entitled, An Act Concerning Broadband Internet, Gaming, Social Media, Online Services and Consumer Contracts (“Senate Bill 1295”, the “Senate Bill”, or the “Bill”), was passed by Connecticut legislature in...more
February 16, 2026, is the deadline for each HIPAA covered entity to update its Notice of Privacy Practices (NPP) to incorporate new regulatory requirements enacted in 2024. Specifically, HIPAA-covered entities (including...more
Compliance sweep to be undertaken by the OAIC - The Office of the Australian Information Commissioner (the OAIC) has kick-started the year by beginning its first compliance sweep. The OAIC will select approximately 60...more
As we enter 2026, the changes of the last several years are no longer abstract. Technology decisions are now examined closely by regulators, courts and counterparties, often long after those decisions were made. At the same...more
Although Indiana adopted the Consumer Data Protection Act (CDPA) in 2023, on January 1, 2026, the CDPA rubber officially hit the road. This data privacy law regulating how businesses must handle the personal information of...more
Starting in January, three state app store age verification laws will take effect: Texas’ App Store Accountability Act (effective Jan. 1), Utah’s App Store Accountability Act (effective May 7) and Louisiana’s App Store...more
As our readership is aware, the Application-to-Person (“A2P”) 10-digit long code (“10DLC”) ecosystem continues to evolve as mobile carriers refine their requirements for The Campaign Registry (“TCR”). The year 2025 saw a...more
As the year comes to a close and businesses prepare to wrap up 2025, there’s one critical task that should not be overlooked — a comprehensive legal check-up. Just as we schedule annual physicals to safeguard our personal...more
Is your website’s privacy policy up-to-date? For businesses covered by the California Consumer Privacy Act (CCPA) and the expanded 2026 regulations, annual reviews and updates are required—not optional....more
As you slowly emerge from your tryptophan coma next week, and realize that the first of December is upon us, many complex legal tasks may seem too daunting to face. Luckily, the privacy team at Stoel Rives has developed a...more
During a recent gathering of data privacy and security experts, regulators from the Maryland and Delaware Offices of Attorney General provided their insights regarding priorities for state privacy enforcement and...more
“Trap and trace” and website privacy lawsuits are on the rise nationwide. Plaintiffs’ lawyers are zeroing in on companies that use chat tools, analytics, or ad pixels without proper disclosures or consent. The common thread?...more
As we’ve said, privacy compliance has long since evolved beyond check-the-box expectations. Today, organizations can no longer afford to be passive about privacy, and instead must be actively engaged in managing all aspects...more
A growing number of U.S. states are requiring businesses to offer mechanisms in their privacy policies or online interfaces to allow individuals to "opt out" of data collection. However, in increasing numbers, many states are...more
For those keeping track of the growing list of US state “comprehensive” privacy laws, you know that the Maryland law (the Maryland Online Data Privacy Act or MODPA) went into effect on October 1st. This rounds us out for US...more
In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act which created a significant compliance burden for most businesses that collect personal information about...more
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. They also issued a detailed multi-year compliance plan....more
As discussed in Part One of our Privacy Under Fire series, tools such as disclosures and cookie banners can no longer be treated as boilerplate. Recent lawsuits against high-profile companies show how these policies are being...more
As a reminder, The Campaign Registry (“TCR”) continues to be mandatory for telephone numbers that are routed through a virtual phone service provider (“service provider”). The goal of TCR registration is to prevent spam and...more
On September 23, the California Privacy Protection Agency (CPPA) announced the final approval of a sweeping package of regulations (the Regulations) that will materially expand compliance obligations for businesses subject to...more
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods....more
Over the past few months, securing approval for listing on The Campaign Registry (“TCR”) has become significantly more difficult. Why? Because virtual phone service providers (“service providers”) continue to update internal...more
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
Montana’s privacy law has received a refresh and updates will go into effect October 1, 2025 – exactly one year since the law took effect. The law was modified with SB 297, and changes include coverage, approach with minors,...more