When assisting businesses with the commercial aspects of the California Consumer Privacy Act, we advise them that this same law, with “consumer” in its name, also applies to data related to job applicants, employees, contractors, and other California state residents. Some are surprised, but we get to work addressing some nuanced issues, as some
The Government Mandated “Kill Switch” Coming to a Vehicle Near You
Every so often a law that was passed years ago quietly becomes a present-day compliance reality. Section 24220 of the 2021 Infrastructure Investment and Jobs Act is one of those laws. Tucked into an eleven-hundred-page infrastructure bill with little public debate, the “kill switch law” as it has come to be known by some, awaits
OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored
AI Meeting Assistants and Biometric Privacy: Governance Lessons from the Fireflies.AI Lawsuit
A putative class action filed in December 2025 in the U.S. District Court for the Central District of Illinois offers a reminder that AI meeting assistant and transcription tools potentially carry significant legal exposure when organizations deploy them without appropriate governance guardrails in place. It also serves as a reminder to apply strong governance principles
Sooner State Soon to Join Consumer Privacy Patchwork
- at least 100,000 consumers;
State Enforcers Step Up Scrutiny of Foreign Data Transfers: What Organizations Should Know
U.S. organizations have long focused on federal requirements governing international data transfers. But a growing wave of state enforcement—particularly in Florida and Texas—signals that regulators are increasingly scrutinizing how companies move sensitive data outside the United States, especially when foreign adversaries may be involved. Recent developments suggest organizations should reassess their data flows, vendor relationships
A Reminder About Florida’s Ban on Offshore Health Data Storage: What Providers and Vendors Should Know
In May 2023, Florida enacted a significant change to its health data laws. Senate Bill 264 amended the Florida Electronic Health Records Exchange Act restricting where certain patient data can be stored and accessed. Codified at Section 408.051(3) of the Florida Electronic Health Records Exchange Act, the change mandates that:
In addition to the
Can AI Chatbots Replace Lawyers: Not If a NY Senate Bill Can Help It
Some years ago, I listened to Richard Susskind speak about the “Future of Professions” and, in his view, how systems like AI might replace them. Indeed, the disruption he predicted largely has materialized in recent years, as many assess what impact AI will have on certain professional services, knowledge-based occupations, such as attorneys, accountants, healthcare
Trump Administration’s EO on Cybercrime and a Cyber Strategy for America
On Friday, March 6, 2026, the White House issued a sweeping Executive Order (EO) titled, “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens.” The EO reflects what most organizations already know all too well: cybercrime is no longer an episodic threat. It is a relentless, organized enterprise that is inflicting devastating financial
Top 10 Privacy, AI & Cybersecurity Issues for 2026
As Data Privacy Day 2026 approaches, organizations face an inflection point in privacy, artificial intelligence, and cybersecurity compliance. The pace of technological adoption, in particular AI tools, continues to outstrip legal, governance, and risk frameworks. At the same time, regulators, plaintiffs, and businesses are increasingly focused on how data is collected, used, monitored, and safeguarded.