In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to better prepare for and respond to data security incidents. The recommendation reflects a growing recognition across professional service industries—particularly law firms—of
Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers
On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health Fitness Corporation (Health Fitness), a wellness vendor providing services to employer-sponsored group health plans.
This announcement is interesting for several
Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to the Security Rule under HIPAA. The update is aimed at strengthening safeguards for securing electronic protected health information.
A Brief Reminder About the Florida Information Protection Act
According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including the Sunshine State. Perhaps more troubling is that class action litigation is more likely to follow
California’s Proposed Location Privacy Act: A Potential Game-Changer for Tracking Location of Individuals
Businesses that track the geolocation of individuals—whether for fleet management, sales and promotion, logistics, risk mitigation, or other reasons—should closely monitor the progress of California Assembly Bill 1355 (AB 1355), also known as the California Location Privacy Act. If passed, this bill would impose significant restrictions on the collection and use of geolocation data
Happy Privacy Day: Emerging Issues in Privacy, Cybersecurity, and AI in the Workplace
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel must navigate a rapidly evolving landscape of legal and regulatory requirements. This National Privacy Day, it’s crucial to spotlight emerging issues in workplace technology
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data. These situations can severely impact a business, especially when departing employees abscond with confidential business information or trade secrets. Focusing on how the theft
California Attorney General Issues Two Advisories Summarizing Law Applicable to AI
If you are looking for a high-level summary of California laws regulating artificial intelligence (AI), check out the two legal advisories issued by California Attorney General Rob Bonta. The first advisory is directed at consumers and entities about their rights and obligations under the state’s consumer protection, civil rights, competition, and data privacy laws. The
New Jersey Attorney General: NJ’s Law Against Discrimination (LAD) Applies to Automated Decision-Making Tools
This month, the New Jersey Attorney General’s office (NJAG) added to nationwide efforts to regulate, or at least clarify the application of existing law, in this case the NJ Law Against Discrimination, N.J.S.A. § 10:5-1 et seq. (LAD), to artificial intelligence technologies. In short, the NJAG’s guidance states:
the LAD applies to algorithmic discrimination
FAQs for Schools and Persons Affected By the PowerSchool Data Breach
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50 million students in the United States. According to reports, PowerSchool informed customers that, on December 28, 2024, PowerSchool became aware of