News & Insights

Patchwork 2.0: FAQs on Emerging US State AI Laws and What to Do About Them

US privacy lawyers have long used the “patchwork” metaphor to describe the US privacy legal landscape. Early signs suggest that metaphor may…

March 13, 2025

Practical Privacy Privacy & Data Security

Insights

Something Old, Something New: Latest NYDFS Cybersecurity Regulation Enforcement Action Emphasizes Policy Implementation, Training, and Effective Access Controls

The New York State Department of Financial Services recently announced that it has entered into a consent…

February 26, 2025

Practical Privacy Privacy & Data Security

Insights

First Lawsuit Filed under Washington’s My Health My Data Act

After Washington adopted the My Health My Data Act (MHMDA) almost two years ago, we and others predicted that the…

February 13, 2025

Practical Privacy Privacy & Data Security

Insights

Addressable No More: HHS Proposes Significant Changes to HIPAA Security Rule

On December 27, 2024, the Department of Health and Human Services (“HHS”) proposed substantial revisions to the 20-year-old HIPAA Security Rule. Comments…

December 30, 2024

Practical Privacy Privacy & Data Security

Insights

Naughty and Nice: Recent Website Tracking Technology Cases Present Mixed Bag for Website Operators

Many people are thinking of holiday cookies at this time of year, but your favorite privacy lawyers are still thinking more about…

December 11, 2024

Practical Privacy Privacy & Data Security

The CPPA’s Hunt for Unregistered Data Brokers

The California Privacy Protection Agency (“CPPA”) has ramped up enforcement efforts under the California Delete Act. In the span…

December 6, 2024

Practical Privacy Privacy & Data Security

Insights

SEC Charges Four Companies with Misleading Cyber Disclosures

In October of 2024, the Securities and Exchange Commission (the “SEC”) charged four current and former public companies – Unisys Corp., Avaya…

December 2, 2024

Capital Markets Privacy & Data Security

Patchwork 2.0: FAQs on Emerging US State AI Laws and What to Do About Them

Something Old, Something New: Latest NYDFS Cybersecurity Regulation Enforcement Action Emphasizes Policy Implementation, Training, and Effective Access Controls

First Lawsuit Filed under Washington’s My Health My Data Act

Addressable No More: HHS Proposes Significant Changes to HIPAA Security Rule

Naughty and Nice: Recent Website Tracking Technology Cases Present Mixed Bag for Website Operators

The CPPA’s Hunt for Unregistered Data Brokers

SEC Charges Four Companies with Misleading Cyber Disclosures

Maybe Not Practical After All: HUD Proposes Revised Cyber Incident Reporting Requirement for FHA-Approved Mortgagees

Illinois Adopts Business-Favorable Amendment to Biometric Information Privacy Act

Everything Is Bigger in Texas… Except for Reproductive Privacy Rights