Data privacy and security risk and compliance issues relating to exchanges of personal information during merger, acquisition, and similar transactions can sometimes be overlooked. In 2023, we summarized an enforcement action resulting in a $400,000 settlement following a data breach that affected personal information obtained during a transaction.
California aims to bolster its California
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address the specific risks identified in those SEC filings. We discuss them briefly here as they are risks
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release
A recent Forbes article summarizes a potentially problematic aspect of AI which highlights the importance of governance and the quality of data when training AI models. It is called “model collapse.” It turns out that over time, when AI models use data that earlier AI models created (rather than data created by humans), something is
While the craze over generative AI, ChatGPT, and the fear of employees in the professions landing on breadlines in the imminent future may have subsided a bit, many concerns remain about how best to use and manage AI. Of course, these concerns are not specific to Fortune 500 companies.
A recent story in CIODive reports
Following laws enacted in jurisdictions such as Colorado, New York City, Tennessee, and the state’s own Artificial Intelligence Video Interview Act, on August 9, 2024, Illinois’ Governor signed House Bill (HB) 3773, also known as the “Limit Predictive Analytics Use” bill. The bill amends the Illinois Human Rights Act (Act)
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, and New Jersey in passing consumer data privacy laws this year.
The RIDTPPA takes effect on January
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing consumer data privacy laws this year.
Minnesota’s law takes effect July 31, 2025, except that postsecondary institutions and nonprofit corporations governed by
On August 2, 2024, Governor Pritzker signed Senate Bill (SB) 2979, which amends the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (BIPA). The bill, which passed both the Illinois House and Senate by an overwhelming majority, confirms that a private entity that more than once collects or discloses the same biometric