U.S. state comprehensive consumer privacy laws include requirements for contracts involving data processing with third-party vendors. Save time by adapting this data processing agreement (DPA) for the processing of personal data between a controller and processor...
When the genetic testing company 23andMe announced it had entered the federal bankruptcy process in March, concern quickly turned to what would happen to customers’ genetic data . The California biotech company said the bankruptcy would not change how it...
An online retailer recently successfully asserted consent as a complete defense to a putative Pennsylvania Wiretapping and Electronic Surveillance Control Act class action, resulting in the dispositive dismissal of the action. The decision provides key insights...
Starting June 2, 2025, organizations can apply for the new global Cross-Border Privacy Rules (CBPR) certification, enabling seamless data transfers across participating countries. This voluntary certification is initially available to companies in Japan, Korea...
Follow the progression of select state privacy legislation applicable to children and minors proposed after January 1, 2025. Topics covered include online privacy rights afforded to children and teens and social media protections. Read now » Related Content...
Check out this comprehensive practice note on conducting cybersecurity risk assessments, including the essential elements and an overview of different frameworks, standards, and programs. Read now » Related Content Cyber Vulnerability Management Checklist...
Check out this new detailed guide on the cyber vulnerability handling process, outlining the identification, assessment, prioritization, and remediation of security vulnerabilities as well as monitoring and follow-up. Effective vulnerability management is critical...
In the absence of a federal privacy law, a bipartisan coalition of state regulators has formed the Consortium of Privacy Regulators to coordinate enforcement and ensure consistent application of state data privacy laws. This initiative aims to create a unified...
In last week’s policy speech to the International Association of Privacy Professionals, FTC Commissioner Melissa Holyoak outlined the Republican majority's vision for data privacy, emphasizing the need to balance privacy harms with the benefits of innovation...
Check out the legal requirements and best practices for mitigating third party / vendor risks to consumers' privacy or security by ensuring that vendor contracts involving personal data processing comply with U.S. state privacy laws. Read now » Related...
This chart provides a comprehensive comparison of the data broker laws in California, Oregon, Texas, and Vermont. It outlines key provisions, including entities and data covered, registration fees, registration disclosure requirements, data security obligations...
This in-depth analysis of California's annual data broker registry, which includes nearly 500 companies from over 40 states and a dozen countries, discusses growing regulatory scrutiny and public awareness of data broker practices. Read now » Related...
It is more important than ever for businesses to have a clear understanding of whether their current policies cover cyber incidents and, if so, to what extent. Find out what your organization can do to make it more attractive to insurers. Read now » Related...
While there is no single strategy that applies across all businesses and incidents, there are five fundamental questions every business should ask before communicating about a data security incident. These questions are intended to minimize both the legal and business...
Two U.S. senators have revived a longstanding legislative proposal that would expand digital privacy protections to cover teens between the ages of 13 and 16, ban targeted advertising to minors, and require companies to enable the erasure of underage users'...