DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
The Federal Trade Commission (FTC) has been actively flexing its authority as a privacy regulator in recent months. The agency has been especially focused on identifying data practices it views to be “unfair”, thereby...more
Over the weekend, lawmakers unveiled the latest push for a federal privacy law – the American Privacy Rights Act (APRA). The bill was circulated as a discussion draft by Sen. Maria Cantwell (D-WA), Chair of the Senate...more
The Supreme Court of Canada recently delivered a landmark decision on the privacy rights of Internet users. In R v Bykovets, police investigating an alleged online fraud requested and obtained a suspect’s Internet Protocol...more
Artificial intelligence (AI) tools continue to proliferate, with many aiming to automate processes and increase productivity. But customers of these tools or customers of vendors who use them must understand what’s going on...more
Trade secrets have become a de facto intellectual property right for securing valuable artificial intelligence information. Despite regulatory trends toward greater transparency of AI models, federal policy acknowledges,...more
New Jersey rang in the new year with the signing of a state privacy bill. On Jan. 16, Gov. Phil Murphy signed SB No. 322, stating he was proud that New Jersey had joined the ranks of states with consumer privacy bills....more
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
Examining AI tools: Before deciding to purchase and implement AI tools in an organization, one must consider various aspects, including privacy issues, discrimination, copyright protection, and suppliers and contracts. The...more
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security....more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law. In the U.S.,...more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
Keypoint: The past two months have seen many courts dismiss privacy claims as judges appear to be more critical of plaintiffs’ theories while other judges have allowed cases to proceed past the motion to dismiss stage....more
On June 30, 2023 the Northern District of Illinois vacated the $228 million damages award previously entered in the first jury trial arising under Illinois’ Biometric Information Privacy Act (BIPA), and ordered a new jury...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
The pace of internet consumer privacy class action litigation is skyrocketing. Remarkably, no specific legislative change in the law triggered the increase in litigation. Instead, the driver of this litigation explosion — in...more
This is the fourth installment in our monthly data privacy litigation reports to provide updates on how courts in the United States have handled emerging data privacy tends in the past month. In this post we look at...more
2022 has seen a new wave of class action lawsuits targeting companies that use technology to track consumers’ interfaces on their websites. These lawsuits generally allege that the use of technologies such as session replay...more
On Wednesday, March 15, the Colorado Attorney General’s Office announced the finalization of the Colorado Privacy Act Rules (“Rules”). The Rules implement the Colorado Privacy Act (CPA), a comprehensive privacy law enacted in...more
With only four months left before most changes to the federal Standards for Safeguarding Customer Information (“Safeguards Rule”) – a component of the Gramm-Leach Bliley Act (“GLBA”) that provides for the protection of...more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
Wednesday’s U.S. Department of Education Dear Colleague Letter announces an expanded Department interpretation of the definition of Third-Party Servicer to include a new array of vendors providing student recruiting and...more
On February 15, Federal Reserve Board Governor Michelle W. Bowman delivered remarks at the Midwest Cyber Workshop, during which she discussed topics related to third-party service provider reliance and regulatory expectations...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more