Privacy & Data Security

Privacy professionals know “adaptable” programs are important. But what does that really mean? What does it look like? And how do we create one? We know that with the never-ending list of new laws and modifications to existing laws, being adaptable is key. To say nothing of regulatory enforcement and class action exposure. The following

In the rapid development of artificial intelligence (“AI”), regulators are playing catch up in creating frameworks to aid and regulate its development.

As the AI landscape begins to mature, different jurisdictions have begun to publish guidance and frameworks. Most recently, on 11 June 2024, Hong Kong’s Office of the Privacy Commissioner for Personal Data (“PCPD”)

On May 31, 2024, the Office of Civil Rights (OCR) released “updates” to its HIPAA FAQs regarding the Change Healthcare cybersecurity incident. In its Press Release, OCR pointed out that it updated its FAQs to specifically address questions it has been receiving concerning who is responsible for performing breach notification to HHS, affected individuals, and (where applicable)

Pivotal shifts have occurred in global data privacy, artificial intelligence (AI), and cybersecurity from executives facing more pressure to monitor their organizations’ cybersecurity operations, to an unprecedented wave of consumer data privacy laws and rapid advancements in AI technology use and deployment. Indian organizations should establish best practices to address these new (and emerging) laws,

In the past several weeks, the Minnesota governor has signed into law the Minnesota Consumer Data Privacy Act, while the Vermont Data Privacy Act has been passed by the legislature and awaits the governor’s signature. Both of these laws include provisions that depart from the general model set by state comprehensive privacy laws enacted to

Amendments to the Illinois Biometric Information Privacy Act Would Dramatically Affect Accrual of Damages

The Illinois Legislature approved Senate Bill 2979 (“S.B. 2979”) to amend the Biometric Information Privacy Act (“BIPA”). SB 2979 would limit the extent of potential civil penalties awarded under BIPA by clarifying that multiple collections of a person’s biometric identifier or

On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York Education Law § 2-d (“NY

Privacy & Data Security Blogs