The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
The USPTO issued guidance on February 6, 2024 that clarified existing rules and policies and discussed how to apply them when AI is used in the drafting of submissions to the Patent Trial and Appeal Board (PTAB) and Trademark...more
In response to the number of successful, large-scale ransomware attacks affecting healthcare organizations nearly tripling since 2018, the Department of Health and Human Services (HHS) has released guidance outlining its...more
On October 18, 2023, the Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) issued an update1 containing two resource documents to help educate patients regarding privacy and security...more
Colorado Department of Law Issues Draft CPA Revisions - On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
NIST recently released several key deliverables relating to cybersecurity. These focus on secure software development and new consumer labeling programs as contemplated by President Biden’s Executive Order 14028, which seeks...more
The Colorado AG recently issued guidance on practices companies should consider to safeguard consumer data. This guidance was issued in response to companies asking what “reasonable” security means. While noting that the...more
While everyone hoped that 2021 would be less tumultuous than 2020, it certainly did not turn out that way in the end. The same was true in the world of data privacy – with sweeping new data protection regulations and guidance...more
In the wake of increased ransomware attacks over the course of the last several months, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) has updated a guidance it released last year on potential...more
”Not if, but when" is a phrase commonly used to describe data breach risk. Holding just under $11 trillion in assets, employer-sponsored retirement plans are a particularly enticing target for cybercriminals. Through audits...more
Earlier this month, the U.S. Department of Labor (the “DOL”) issued informal guidance outlining “best practices” for managing the cybersecurity risks facing employer-sponsored retirement plans. Although the DOL has...more
The Employee Benefits Security Administration of the United States Department of Labor (“EBSA”) recently published guidance regarding cybersecurity best practices for recordkeepers and service providers responsible for plan...more
On March 5, 2020, Gov. Phil Scott (VT-R) signed into law amendments to the Security Breach Notice Act (the “Act”). The amendments, which originated in the State Senate as part of an initiative addressing a number of data...more
Shook Weighs in on Updated CCPA Regulations - In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
On February 25th, the Federal Trade Commission (FTC) released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year....more
On January 6, 2020, Andrew Smith, Director of the Federal Trade Commission (FTC) Bureau of Consumer Protection, announced three significant improvements to the FTC’s approach to data security enforcement cases....more
Editors’ Note: This is the sixth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Our previous entry discussed the CCPA, energy, Brexit, health care...more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
The UK Information Commissioner’s Office recently released helpful encryption guidance. Although released to address the GDPR security requirements, this document may be helpful more broadly because of the detail around...more
The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses...more
Lawyers are advisors and advocates. Clients trust lawyers to preserve secrets, confidential matters that when disclosed could cause financial or reputational damage. A significant element of legal representation involves...more
As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an...more
The Commission's "new" cybersecurity guidance largely rehashes existing guidance, as is highlighted by objections from two commissioners. At most, the additional qualitative guidance is incremental. It reiterates the need to...more
In February 2018 the SEC outlined its views with respect to cybersecurity disclosure requirements under the federal securities laws as they apply to public reporting companies. Set forth below is a checklist of items included...more
The U.S. Securities and Exchange Commission on Feb. 21, 2018, issued interpretive guidance on public company cybersecurity disclosures. The new guidance will affect public companies and companies seeking to go public in...more
On Feb. 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance on its expectations for corporate disclosures on cybersecurity risks. The guidance delineates where it believes existing SEC rules...more