Artificial intelligence has quickly become part of the modern lawyer’s toolkit. Attorneys are using generative AI platforms to assist with legal research, drafting, editing, and document review. While these technologies can improve efficiency, a growing number of court filings across the country demonstrate a significant risk: AI-generated hallucinations, including fabricated case citations, nonexistent authorities, and
Is a CCPA Risk Assessment Required When Using Productivity Management and Monitoring Platforms?
Key Takeaways
- Outlines key considerations for businesses using productivity management and monitoring platforms – such as, Teramind, ActivTrak, and Insightful – and whether their use may require a CCPA risk assessment.
- Identifies the specific CCPA risk assessment triggers most relevant to such productivity technologies.
Productivity management and monitoring platforms have become a fixture of the
Is a CCPA Risk Assessment Required When Recording Customer Calls?
Key Takeaways
- Analyzes whether recording customer service and sales calls triggers the CCPA’s new risk assessment requirements.
- Identifies the specific CCPA triggers most relevant to call recording, particularly when AI analytics are applied to recordings.
- Notes related obligations under state wiretapping laws and other state privacy frameworks.
Recording customer calls is among the most common
Proposed State Laws For Breach Notification Could Reshape Incident Response Plans
State breach-notification laws continue to evolve, and legislatures are using 2026 sessions to tighten consumer protections and shift the civil liability landscape that often follows a cyber event.
For businesses, the practical takeaway is that incident response planning increasingly needs to account not only for “whether notice is required,” but also for hard timelines, regulator-facing
Consumer Privacy Protections Come to the Heart of Dixie
The governor of Alabama recently signed House Bill 351, which establishes a consumer data privacy law for the state. The law takes effect May 1, 2027.
To whom does the law apply?
The law applies to controllers that conduct business in Alabama or produce products or services targeted to Alabama residents, if they
Is a CCPA Risk Assessment Required When Using AI-Powered Hiring and Screening Tools?
Key Takeaways
- Examines how AI-driven hiring and applicant screening tools interact with the CCPA’s new risk assessment requirements.
- Identifies the CCPA risk assessment triggers most likely to apply—including automated decision-making and systematic observation of applicants.
Artificial intelligence has made significant inroads into the hiring process. Employers increasingly rely on AI-driven tools to screen resumes, analyze
The Delve Scandal: Why a SOC 2 Report Can’t Be a “Check-the-Box” Exercise for Vendor Management
A recent Inc. article highlights an unsettling controversy involving Delve, a Y Combinator-backed compliance startup, and allegations that strike at the heart of how organizations rely on SOC (System and Organization Controls) 2 reports which evaluate an organization’s internal controls over security, availability, and privacy.
According to the report, a whistleblower investigation alleges that Delve
California Privacy Agency Invites Comments on CCPA Application to Employee and Applicant Data
When assisting businesses with the commercial aspects of the California Consumer Privacy Act, we advise them that this same law, with “consumer” in its name, also applies to data related to job applicants, employees, contractors, and other California state residents. Some are surprised, but we get to work addressing some nuanced issues, as some
The Government Mandated “Kill Switch” Coming to a Vehicle Near You
Every so often a law that was passed years ago quietly becomes a present-day compliance reality. Section 24220 of the 2021 Infrastructure Investment and Jobs Act is one of those laws. Tucked into an eleven-hundred-page infrastructure bill with little public debate, the “kill switch law” as it has come to be known by some, awaits
OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored