DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
The past few years have seen a surge of activities from states with respect to the introduction and adoption of consumer privacy bills. These bills vary from state to state, but generally include requirements around data...more
On 12 March 2025, the California Privacy Protection Agency (CPPA) settled with an automaker that allegedly violated various aspects of the California Consumer Privacy Act (CCPA). This first-of-its-kind settlement for the...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
An online retailer was recently hit with the first class action under Washington’s consumer health data privacy law alleging that it used advertising software attached to certain third-party mobile phone apps to unlawfully...more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
It is challenging for businesses to maintain their competitive marketing edge while simultaneously reacting to ever-changing regulations on consumer data collection, usage, and sharing....more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
The Consumer Financial Protection Bureau (CFPB) recently issued guidance that takes an aggressive position regarding the scope of the Fair Credit Reporting Act (FCRA) as covering certain employee monitoring and assessment...more
On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an Industry Letter that discusses the cybersecurity risks associated with the use of artificial intelligence (AI) and outlines strategies to...more
The Federal Trade Commission (FTC) has been actively flexing its authority as a privacy regulator in recent months. The agency has been especially focused on identifying data practices it views to be “unfair”, thereby...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
Recently, the Illinois General Assembly have restarted efforts to amend the Biometric Information Privacy Act of 2008 (“the Act”). On January 31, 2024, Senator Bill Cunningham introduced S.B. 2979 ostensibly to answer the...more
[Editor’s Note: This article has been republished with permission. It was originally published January 18, 2024 on the eDiscovery Assistant Blog] In Episode 129 of Case of the Week, Kelly Twigger of eDiscovery Assistant...more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law. In the U.S.,...more
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force. The DGA aims to...more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
Joe Alves filed a class-action complaint against BJ’s Wholesale Club, alleging that BJ’s uses computer code, called Session Replay Code (SRC), to secretly record consumer activity on BJ’s website. Alves claims that BJ’s...more
On June 30, 2023 the Northern District of Illinois vacated the $228 million damages award previously entered in the first jury trial arising under Illinois’ Biometric Information Privacy Act (BIPA), and ordered a new jury...more
Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts...more
2022 has seen a new wave of class action lawsuits targeting companies that use technology to track consumers’ interfaces on their websites. These lawsuits generally allege that the use of technologies such as session replay...more
“Precise Geolocation” has become a hot button issue in the privacy world with recent data privacy laws seeking to regulate the collection and processing of such information, including in California and Virginia. The...more
The use of tracking technologies on websites and mobile applications (e.g., cookies) has become largely ubiquitous in our technology-driven world. Health care providers and organizations, for example, may use tracking...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
As we explained in our last post, managing ediscovery in the cloud is the only viable solution for dealing with the massive amount of electronic data involved in litigation today. Nextpoint has been an advocate for...more