- The broad prohibitions on disclosing protected health information (“PHI”) relating to reproductive health for law enforcement or investigatory purposes are vacated nationally.
- The attestation requirement that was included as
CCPA Compliance Reminder: Annual Update Requirement for Online Privacy Policies
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5), CCPA-covered businesses must among other things update their online privacy policies at least once every 12 months. Note that CCPA regulations establish
Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like Ohio and Utah, the new Texas statute provides that certain businesses that “demonstrate[] that at the time of the
The Growing Cyber Risks from AI — and How Organizations Can Fight Back
Artificial Intelligence (AI) is transforming businesses—automating tasks, powering analytics, and reshaping customer interactions. But like any powerful tool, AI is a double-edged sword. While some adopt AI for protection, attackers are using it to scale and intensify cybercrime. Here’s a high-level discussion at emerging AI-powered cyber risks in 2025—and steps organizations can take to defend.
Different Country, Same Challenges: Lessons from a Breach That Could Have Been Prevented
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene.
According to a June 7 article in India Today, KiranaPro suffered a massive data wipe affecting critical business information and customer data. The
Managing the Managers: Governance Risks and Considerations for Employee Monitoring Platforms
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These tools—offered by a growing number of vendors—can monitor everything from application usage and website visits to keystrokes, idle time, and screen recordings. Some go further, offering video capture
Oregon Expands Consumer Privacy Law to Include Auto Manufacturers—and Possibly Their Dealerships
“Our cars know how fast you’re driving, where you’re going, how long you stay there. They know where we work, they know whether we stop for a drink on the way home, whether we worship on the weekends, and what we do on our lunch hours.” OR Representative David Gomberg
The Oregon Legislature recently enacted
Exploring California’s Proposed AI Bill
California lawmakers have proposed new legislation to reshape the growing use of artificial intelligence (AI) in the workplace. While this bill aims to protect workers, employers have expressed concerns about how it might affect business efficiency and innovation.
What Does California’s Senate Bill 7 (SB 7) Propose?
SB 7, also known as the “No Robo
Litigation Trend Alert: Breach of Contract and Warranty Claims Based on Privacy Policies
- Courts are increasingly looking at website privacy policies, terms of use, privacy notices, and other statements from organizations and assessing breach of contract and
California Announces Investigative Sweep of Location Data Industry
On March 10, 2025, California Attorney General Rob Bonta announced an investigative sweep targeting the location data industry, emphasizing compliance with the California Consumer Privacy Act (CCPA). This announcement follows the California legislature proposing a bill that, if passed, would impose restrictions on the collection and use of geolocation data.
Of course, concerns