-
US
-
General
- “Clearview AI Settlement Approved in Face-Scan Privacy Lawsuit” May 2025 - Wilson Sonsini
- “DoD Specifies Implementation Requirements for NIST 800-171 Cyber Standard” May 2025 - Crowell
- “October 6 Compliance Deadline for DOJ’s Data Security Program: What Companies Need to Know” October 2025 - Cooley
- “Smoothing Privacy Contracting: Six Ways to Reduce Friction in Data Processing Agreements” May 2025 - Venable
- “Clock Ticking: DOJ’s New Data Security Rule Requires Compliance by July 8” May 2025 - Robinson Cole
- “FTC Order with GoDaddy Finalized Over Lax Data Security” May 2025 - Robinson Cole
- “Data Breach Lawsuits Surge Against Chord Specialty Dental Partners” May 2025 - Robinson Cole
- “AI Service Provider Faces Class Actions Over Catholic Health Data Breach” May 2025 - Robinson Cole
- “FDPIC Confirms Direct Applicability of Data Protection Law to AI and Outlines Regulatory Approach” May 2025 - A&O Shearman
- “Financial Services Industry Petitions the SEC for a Rulemaking to Amend the Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule” May 2025 - Debevoise & Plimpton
- “Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires” May 2025 - Debevoise & Plimpton
- “A Closer Look at the Data Security Requirements in DOJ’s Bulk Data Rule” June 2025 - Venable
- “Navigating Consent: Emerging Trends in Children’s Data Privacy Across APAC” June 2025 - A&O Shearman
- “OCR’s Risk Analysis Initiative: Lessons From Recent HIPAA Enforcement Actions” June 2025 - ArentFox Schiff
- “Fourth Circuit Reverses Class Certification of Data Breach Claims” June 2025 - Wilson Elser
- “NSA Issues Cybersecurity Guidance and Best Practices for AI Systems” June 2025 - Davis Wright Tremaine
- “Where Cybersecurity Maturity Meets Confidence in C-suite and Board Leadership” June 2025 - Deloitte
- “Privacy Legislation: July 2025 Update” July 2025 - Frost Brown Todd
- “AI Governance and Data Minimization in the 5G Era: What Employers and Providers Must Consider Now” July 2025 - Fisher Phillips
- “Series of Major Data Breaches Targeting the Insurance Industry” August 2025 - Crowell
- “Federal Jury Finds Against Meta for Collecting Data from Flo Health” August 2025 - Robinson+Cole
- “CISA Releases Malware Analysis Report for Microsoft SharePoint Vulnerabilities” August 2025 - Robinson+Cole
- “DOJ Ends July 2025 with Two Groundbreaking FCA Settlements in the Cybersecurity Space” August 2025 - Gibson Dunn
- “Fall 2025 Regulatory Roundup: Top U.S. Privacy and AI Developments for Businesses to Track” September 2025 - Hinshaw
- “European General Court Confirms Validity of the EU–U.S. Data Privacy Framework” September 2025 - Baker Botts
- “The Growing Threat of AI Deepfake Attacks” August 2025 - The D&O Diary
- “NYDFS Imposes $2M Penalty for Violations of its Cybersecurity Regulation” August 2025 - Pillsbury
- “Hardening Software Security: DOJʼs Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity” August 2025 - Crowell
- “Salesforce Users: Organizations Using the Salesloft Drift AI Chat Agent with Salesforce Must Check Their Presence for Compromise” September 2025 - Lowenstein Sandler
- “Additional Analysis on DOD’s Final Rule for the Cybersecurity Maturity Model Certification Program” September 2025 - Wiley
- “FTC COPPA Enforcement – Still Alive and Well” September 2025 - Mintz
- “AI and Privacy on a Legal Collision Course: Steps Businesses Should Take Now” August 2025 - Baker Donelson
- “The EU-US Data Privacy Framework Survives an Annulment Challenge” September 2025 - BCLP
- “Salesloft Drift Supply Chain Attack Leads to Widespread Data Theft” September 2025 - McDermott
- “Multistate Privacy Enforcement Sweep Puts Global Privacy Control in the Spotlight” September 2025 - Goodwin
- “States Ramp Up Enforcement of Privacy Opt-Out Compliance” September 2025 - Venable
- “Smoothing Privacy Contracting: Six Ways to Reduce Friction in Data Processing Agreements” May 2025 - Venable
- “Trump Executive Order Puts the Spotlight on Foreign Cyber Threats, Managing AI Vulnerabilities, and Secure Software Development” June 2025 - Debevoise & Plimpton
- “American Medical Association Adopts Landmark Policy on Neural Data Privacy” July 2025 - Cooley
- “July 2025 Privacy Compliance Countdown: Key Deadlines for Five State Privacy Laws and DOJ’s Bulk Sensitive Data Rule” July 2025 - Hinshaw
- “Update: Enforcement of DOJ Data Security Program Set to Begin July 9” July 2025 - Wiley
- “When Does a Service Provider Become Liable for Its Users’ Piracy? The Supreme Court Grants Cert in Cox v. Sony to Address Issues of Contributory Infringement and Willful Infringement” July 2025 - Crowell
- “Insights FTC Finalizes Amendments to Rule Protecting Children’s Data” January 2025 - Wilson Elser
- “Unpacking the Executive Order on AI (for Data Privacy)” November 2023 - Polsinelli
- “Data Privacy Bill in Congress Would Create Federal Enforcement Over Algorithms” June 2022 - DLA Piper
- “DOJ Announces Proposed Rule to Mitigate Data Security Risks Related to AI” March 2024 - DLA Piper (3/24)
- “Trump 2.0 Week 1 Tech Policy Rundown: Pivot on AI but Data Rules Stand” January 2025 - Goodwin
- “DOJ Issues Guidance on Data Export Control Rule” April 2025 - WilmerHale
- “Generative AI: Privacy and Consumer Protection Considerations” May 2023 - Wilson Sonsini
- “Generative Artificial Intelligence, Automated User Interfaces, and the New Laws of Dark Patterns” June 2023 - Arent Fox
- “Data Scraping, Privacy Law, and the Latest Challenge to the Generative AI Business Model” January 1970 - Arent Fox Schiff
- “What’s Next for AI? Six Areas to Watch in 2024” January 2024 - Goodwin
- “The Impact of AI on Your Risk Profile” January 2024 - Cleary Gottlieb
- “The Development of AI and Protecting Student Data Privacy” February 2024 - Arent Fox
- “The Risks of an Operating System Integrated with Artificial Intelligence” July 2024 - Jackson Lewis
- “A Sword and a Shield: AI’s Dual-Natured Role in Cybersecurity” September 2024 - Torys
- “4 Areas to Focus Board Oversight of Data-Related Risks” November 2024 - KPMG
- “Confronting Social Engineering in the Age of Artificial Intelligence” February 2025 - Hogan Lovells
- “For Better or MORSE: Another Settlement Under DOJ’s Civil Cyber-Fraud Initiative” April 2025 - Crowell
- “DOJ Releases Its Data Security Program Compliance Guide” April 2025 - Pillsbury
- “Freshfields Authors US Cybersecurity Practice Guide” April 2025 - Freshfields
- “Cybersecurity Failures Lead to False Claims Act Case Against Government Contractor” April 2025 - Saul Ewing
- “DOJ’s Latest Guidance on the Data Security Program: What’s New?” April 2025 - Troutman Pepper
- “Managing Data Security and Privacy Risks in Enterprise AI” March 2025 - Frost Brown
- “A Civil Money Penalty With Warby Parker Following Cybersecurity Incident” February 2025 - Saul Ewing
- “Cybersecurity Overview: A Survey of Form 10-K Cybersecurity Disclosures by the S&P 100 Companies” December 2024 - Gibson Dunn
- “FCC Announces Administrators for IoT Cybersecurity Labeling Program” December 2024 - Wiley
- “Cyber Risks and Insurance 2025 Forecast” December 2024 - Wiley
- “11 Cybersecurity Blog Posts for 2024” December 2024 - Debevoise & Plimpton
- “Top 10 SEC Cyber/AI Blog Posts for 2024” December 2024 - Debevoise & Plimpton
- “New Year, New Privacy Laws!” January 2025 - Bass Berry
- “3 Steps to Protect Highly Sensitive Assets in an M&A Deal” January 2025 - Procopio
- “FDA Issues Artificial Intelligence-Enabled Device Software Functions Draft Guidance” January 2025 - DLA Piper
- “White House Releases Executive Order to Strengthen and Promote Cybersecurity Innovation” January 2025 - Paul Weiss
- “FTC Adopts Amended Children’s Online Protection Act Rule” January 2025 - Wiley
- “CFPB Proposes Interpretive Rule on Emerging Payment Mechanisms Under Regulation E and Requests Information to Consider Extended Data Privacy Protections” January 2025 - Steptoe
- “CFPB Proposes Interpretive Rule on Emerging Payment Mechanisms Under Regulation E and Requests Information to Consider Extended Data Privacy Protections” January 2025 - Steptoe
- “FTC finalizes changes to COPPA” January 2025 - DLA Piper
- “Privacy, Data and Cybersecurity Newsletter Issue 25” January 2025 - Katten
- “Key Cybersecurity and Privacy Developments in 2024” January 2025 - Paul Weiss
- “FTC Updates to the COPPA Rule Impose New Compliance Obligations for Online Services That Collect Data from Children” January 2025 - Gibson Dunn
- “White House Introduces Cyber Trust Mark Program” January 2025 - Pillsbury
- “AI Legal Landscape: Top Challenges and Strategies in 2025” February 2025 - Arent Fox
- “2024 Privacy, AI & Cybersecurity Year in Review” February 2025 - Troutman Pepper
-
California
- “State Privacy Enforcement Ramp-Up Continues with New Actions in California and Texas” May 2025 - Wiley
- “Privacy Opt-Outs Remain in the Crosshairs: Tractor Supply Faces Largest CPPA Fine to Settle Privacy Allegations” October 2025 - Venable
- “California Finalizes Pivotal CCPA Regulations on AI, Cyber Audits, and Risk Governance” October 2025 - Wiley
- “California Enacts New Privacy Laws as Other States Expand Data Privacy Regulations and Enforcement Focus” October 2025 - Venable
- “The California Opt Me Out Act: What it Means for Businesses Subject to the California Consumer Privacy Act” October 2025 - Clark Hill
- “California Regulator Finalizes CCPA Rules for Automated Decision Making, Cybersecurity Audits and Risk Assessments” June 2025 - Katten
- “CCPA 2025 Updated Regulations: What’s New, What’s Next, and What to do” September 2025 - DLA Piper
- “California Privacy Protection Agency Fines Tractor Supply $1.35M for Privacy Law Violations” October 2025 - Holland & Knight
- “California Privacy Regulator Finalizes Automated Decisionmaking, Cybersecurity, and Risk Assessment Regulations” July 2025 - Davis Wright Tremaine
- “CPPA Approves New CCPA Regulations on AI, Cybersecurity, and Risk Governance, and Advances Updated Data Broker Regulations” July 2025 - Wilson Sonsini
- “New California Regs Will Impact Your AI and Privacy Policies” July 2025 - Fisher Phillips
- “Amendments to the COPPA Rule Now in Effect” August 2025 - Bass Berry Sims
- “The Golden State’s Latest Guardrails for Consumer Privacy” September 2025 - Bass Berry Sims
- “CPPA Regulations Are Moving Forward: Here is What You Need To Know” August 2025 - Mintz
- “The CPPA Finalizes Rules on ADMT, Risk Assessments, and Cybersecurity Audits” August 2025 - Baker Botts
- “Cybersecurity Audits Under the California Consumer Privacy Act (CCPA)” September 2025 - Faegre Drinker
- “California, Colorado and Connecticut Keep Data Privacy Enforcement Pressure on with Joint Enforcement Sweep” September 2025 - Crowell
- “12 California Bills Employers Should Watch as State Lawmakers Sign Off for 2025” September 2025 - Fisher Phillips
- “Don’t Delay! California Likely to Soon Require Data Breach Notifications to be Provided to Consumers Within 30 Days” July 2025 - Fisher Phillips
- “CCPA Health Check: Key Compliance Lessons from the Healthline Settlement” July 2025 - Venable
- “CPPA Adopts Long Awaited Rulemaking Package “ July 2025 - Debevoise & Plimpton
- “Honda Settles with the CPPA Over Privacy Violations: Key Takeaways for Businesses” March 2025 - Bass Berry
- “California Court Rejects Attempt to Expand Third-Party Eavesdropping Claims to Internet Communications” April 2025 - Fisher Phillips
- “AB 1008: California Adds Privacy Obligations for AI Model Developers” February 2025 - Wilson Sonsini
- “California Privacy Protection Agency Clarifies Application of the CCPA to Insurance Companies” February 2025 - Ogletree Deakins
- “AI Voice Products Subject to California Invasion of Privacy Claims” February 2025 - Goodwin
- “CPPA Proposed Rulemaking Package Part 1: Cybersecurity Audits” December 2024 - Debevoise & Plimpton
- “California Starts 2025 with More Regulatory Action” January 2025 - Venable
- “California’s AI Laws Are Here: Is Your Business Ready?” February 2025 - Pillsbury
-
Colorado
- “Colorado Tightens Rules on Minors’ Online Data: Are You Ready for October 1?” September 2025 - Lowenstein Sandler
- “California, Colorado and Connecticut Keep Data Privacy Enforcement Pressure on with Joint Enforcement Sweep” September 2025 - Crowell
- “PTFA Privacy Claims: Is a Little-known Colorado Statute the New Right to Publicity? September 2025 - Clark Hill
- “Colorado Unveils New Privacy Rules” December 2024 - Fisher Phillips
-
Connecticut
- “California, Colorado and Connecticut Keep Data Privacy Enforcement Pressure on with Joint Enforcement Sweep” September 2025 - Crowell
- “No More Warnings: Ignoring AG Costs $85,000” July 2025 - Mintz
-
Delaware
-
Iowa
- “Iowa Governor Signs Data Privacy Act into Law” March 2023 - Bass Berry
-
Kentucky
-
Louisiana
- “Apps and Minors: New Compliance Frontiers and Risks in Louisiana, Utah, and Texas” July 2025 - Bass Berry Sims
-
Maryland
- “Maryland Lands On Novel Data Privacy Scheme” May 2024 - Bass Berry
-
Michigan
- “Eyes on Michigan: What Businesses Need to Know About Pending Consumer Privacy and Identity Theft Legislation” September 2025 - Fisher Phillips
-
Minnesota
- “Minnesota Consumer Data Privacy Act: What Businesses Need to Know” July 2025 - Frost Brown Todd
- “July 2025 Privacy Compliance Countdown: Key Deadlines for Five State Privacy Laws and DOJ’s Bulk Sensitive Data Rule” July 2025 - Hinshaw
- “Minnesota Enhances Consumer Data Protections” June 2024 - Bass Berry
-
Missouri
-
Montana
- “Big Sky, Bigger Privacy: Montana Broadens Its Consumer Data Privacy Act” May 2025 - Bass Berry Sims
-
Nebraska
- “Nebraska Governor Signs Data Privacy Act” April 2024 - Bass Berry
- “Nebraska Introduces First-of-its-Kind Privacy Bill Aimed at Protecting Agricultural Data” February 2025 - ArentFox
-
New Hampshire
- “New Hampshire Comprehensive Privacy Bill Signed into Law” March 2024 - Bass Berry
-
New Jersey
- “New Jersey Proposes New Privacy Rules That Would Impact Compliance” June 2025 - Wiley
- “Proposed New Jersey Regulations Would Require Major Privacy Compliance Shifts for Businesses” July 2025 - Fisher Phillips
- “Insights from the Recent FAQs on New Jersey Data Privacy Law” January 2025 - Wilson Elser
- “Data Brokers Face Slew of Lawsuits Under New Jersey Privacy Law” December 2024 - Ogletree Deakins
- “New Jersey, New Privacy Law” January 2024 - Bass Berry
-
New York
- “New York’s Child Data Protection Act Is Now In Effect: What You Need to Do” June 2025 - Goodwin
- “The New York Public Service Commission Takes Steps to Protect Critical Energy Infrastructure and Utility Customers from Growing Cybersecurity Threats” June 2025 - Hodgson Russ
- “July 2025 Privacy Compliance Countdown: Key Deadlines for Five State Privacy Laws and DOJ’s Bulk Sensitive Data Rule” July 2025 - Hinshaw
- “New York Department of Health Issues ‘Urgent’ Cybersecurity Warning to New York Health Care Providers Following U.S. Military Action in Iran” July 2025 - Crowell
- “NYDFS Issues Letter Highlighting Cybersecurity Risks of AI” October 2024 - McDermott Will & Emery
- “Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS” October 2024 - Debevoise
- “DFS Issues Circular Letter Addressing Cybersecurity Risks Related to AI” October 2024 - ArentFox Schiff
- “NYDFS Publishes Guidance on AI-Related Cybersecurity Risks” October 2024 - Goodwin
- “NYDFS Issues Guidance on Artificial-Intelligence-Related Cybersecurity Risks” October 2024 - Alston & Bird
- “NYDFS Issues Guidance Concerning Cybersecurity Risks Posed by Artificial Intelligence” November 2024 - Baker Botts
- “Are Your Cybersecurity Controls Ready for the New York State Department of Financial Services’ Deadlines?” April 2025 - Hinshaw
- “New York Health Data Requirements Potentially Ahead” March 2025 - Ogletree Deakins
- “New York Department of Financial Services Provides Cybersecurity Guidance on AI” February 2025 - Wilson Sonsini
- “New York Amends Data Breach Notification Law to Enhance Notification Requirements, Expand Definition of ‘Private Information’” January 2025 - Ogletree Deakins
-
Oregon
- “Oregon Becomes Twelfth State to Enact a Comprehensive Consumer Privacy Law” April 2023 - Bass Berry
-
Rhode Island
-
Tennessee
- “July 2025 Privacy Compliance Countdown: Key Deadlines for Five State Privacy Laws and DOJ’s Bulk Sensitive Data Rule” July 2025 - Hinshaw
- “Tennessee Information Protection Act Approved by Lawmakers” April 2023 - Bass Berry
-
Texas
- “State Privacy Enforcement Ramp-Up Continues with New Actions in California and Texas” May 2025 - Wiley
- “Apps and Minors: New Compliance Frontiers and Risks in Louisiana, Utah, and Texas” July 2025 - Bass Berry Sims
- “New Texas AI Law Affects Collection and Use of Biometric Identifiers” July 2025 - Frost Brown Todd
- “Texas Cyber Command: New Authority for Statewide Cybersecurity Coordination” July 2025 - Pillsbury
-
Utah
- “Apps and Minors: New Compliance Frontiers and Risks in Louisiana, Utah, and Texas” July 2025 - Bass Berry Sims
-
Washington
- “Location Data as Health Data? Precedent-Setting Lawsuit Brought Against Retailer Under Washington’s My Health My Data Act” February 2025 - Ogletree Deakins
-
-
EU
- “Data Protection Authorities in the EU Focus on AI Models and Continue to Develop Guidance” May 2025 - Wilson Sonsini
- “CJEU Publishes an Updated Fact Sheet Summarising Key Case Law on Protection of Personal Data” May 2025 - A&O Shearman
- “EU Data Act: Key Provisions and What You Need to Know” October 2025 - Debevoise & Plimpton
- “UK Publishes New Codes for Software Security and Warns on AI Cybersecurity Divide” May 2025 - Crowell
- “EU Commission Publishes Call for Evidence on Digital Simplification Agenda” October 2025 - A&O Shearman
- “European Commission Publishes Proposals for Simplification of the GDPR” May 2025 - A&O Shearman
- “EU Initiates Renewal of UK Adequacy Decision Following the UK’s Adoption of the Data (Use and Access) Act 2025” June 2025 - Katten
- “DORA Delegated Regulation on Threat-Led Penetration Testing Published in Official Journal” June 2025 - Katten
- “Understanding Switching Termination Rights Under the Data Act” July 2025 - DLA Piper
- “Cloud GDPR Risks Highlighted by European Commission Ruling Over Microsoft 365 Use” August 2025 - Crowell
- “European General Court Confirms Validity of the EU–U.S. Data Privacy Framework” September 2025 - Baker Botts
- “The EU Data Act: Impact on Connected Products and Device Manufacturers” August 2025 - Faegre Drinker
- “The EU-US Data Privacy Framework Survives an Annulment Challenge” September 2025 - BCLP
- “EU Data Act: What Businesses Need to Know” September 2025 - Latham & Watkins
- “Children first: How Ofcom’s Children’s Code and Age Checks Change the Digital Game” July 2025 - Crowell
- “EU Data Protection, AI and Trade Secrets” March 2025 - Sullivan & Cromwell
- “The EU’s Cyber Resilience Act: New Cybersecurity Requirements for Connected Products and Software” April 2025 - Pillbury
- “EU and UK Data Protection Authorities Are Monitoring Use of Personal Data to Train AI” February 2025 - Wilson Sonsini
- “European Data Protection Roundup: January 2025” February 2025 - Debevoise & Plimpton
- “DORA: Just Over Three Months Until Take Off” September 2024 - Latham & Watkins
- “The EU Cyber Resilience Act Has Entered into Force” December 2024 - Steptoe
- “The EU Cyber Resilience Act: What Businesses Need to Know” November 2024 - BCLP
- “EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment” December 2024 - Wilson Sonsini
- “European Data Protection Roundup: Q4 2024” January 2025 - Debevoise & Plimpton
- “Privacy, Data and Cybersecurity Newsletter Issue 25” January 2025 - Katten
-
Other
- “English Beat GDPR Decline: UK Reforms Key Elements of Its Data Privacy Scheme” October 2025 - Bass Berry Sims
- “You Must Be This Tall to Click: The Online Safety Act and Age-Appropriate Access” June 2025 - Katten
- “EU Initiates Renewal of UK Adequacy Decision Following the UK’s Adoption of the Data (Use and Access) Act 2025” June 2025 - Katten
- “Data (Use and Access) Act gets Royal Assent” June 2025 - A&O Shearman
- “The UK’s Data Protection Reforms Finally Arrive: What You Should Know About the Data (Use and Access) Act” June 2025 - Paul Weiss
- “The Data (Use and Access) Act” July 2025 - Mayer Brown
- “Mitigating Third-party Provider Cybersecurity Risks: Navigating the Australian Legal Framework” August 2025 - A&O Shearman
- “Does the Data (Use and Access) Act Deliver Innovation and Opportunity?” August 2025 - A&O Shearman
- “The Middle Eastʼs Big Bet on Artificial Intelligence and Data Security” September 2025 - Crowell
- “DSIT’s Latest Findings on AI, Other Emerging Technologies and Cyber Security” August 2025 - Crowell
- “Information Commissioner’s Office publishes 2024–2025 Annual Report” August 2025 - A&O Shearman
- “ICO Issues Guidance on the Data (Use and Access) Act” July 2025 - A&O Shearman
- “UK Government’s Take on Ransomware: Insights from the Recent Consultation” July 2025 - Crowell
- “Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers” March 2025 - Crowell
- “EU and UK Data Protection Authorities Are Monitoring Use of Personal Data to Train AI” February 2025 - Wilson Sonsini
- “European Data Protection Roundup: January 2025” February 2025 - Debevoise & Plimpton
- “Privacy, Data and Cybersecurity Newsletter Issue 25” January 2025 - Katten
Memos & Analysis
Table of Contents