To get ahead of the compliance curve, companies must take proactive measures to establish adaptable biometrics compliance programs. This practice note discusses the legal issues regarding biometric data including the major types of biometric technologies, state...
This checklist offers privacy and cybersecurity considerations when designing, developing, and implementing products and services using privacy by design (PbD) principles. PbD focuses on privacy and user-centric notions of design and development throughout the...
U.S. state comprehensive consumer privacy laws include requirements for contracts involving data processing with third-party vendors. Save time by adapting this data processing agreement (DPA) for the processing of personal data between a controller and processor...
An online retailer recently successfully asserted consent as a complete defense to a putative Pennsylvania Wiretapping and Electronic Surveillance Control Act class action, resulting in the dispositive dismissal of the action. The decision provides key insights...
Starting June 2, 2025, organizations can apply for the new global Cross-Border Privacy Rules (CBPR) certification, enabling seamless data transfers across participating countries. This voluntary certification is initially available to companies in Japan, Korea...
Follow the progression of select state privacy legislation applicable to children and minors proposed after January 1, 2025. Topics covered include online privacy rights afforded to children and teens and social media protections. Read now » Related Content...
Check out this comprehensive practice note on conducting cybersecurity risk assessments, including the essential elements and an overview of different frameworks, standards, and programs. Read now » Related Content Cyber Vulnerability Management Checklist...
Check out this new detailed guide on the cyber vulnerability handling process, outlining the identification, assessment, prioritization, and remediation of security vulnerabilities as well as monitoring and follow-up. Effective vulnerability management is critical...
In the absence of a federal privacy law, a bipartisan coalition of state regulators has formed the Consortium of Privacy Regulators to coordinate enforcement and ensure consistent application of state data privacy laws. This initiative aims to create a unified...
In last week’s policy speech to the International Association of Privacy Professionals, FTC Commissioner Melissa Holyoak outlined the Republican majority's vision for data privacy, emphasizing the need to balance privacy harms with the benefits of innovation...
Check out the legal requirements and best practices for mitigating third party / vendor risks to consumers' privacy or security by ensuring that vendor contracts involving personal data processing comply with U.S. state privacy laws. Read now » Related...
This chart provides a comprehensive comparison of the data broker laws in California, Oregon, Texas, and Vermont. It outlines key provisions, including entities and data covered, registration fees, registration disclosure requirements, data security obligations...
This in-depth analysis of California's annual data broker registry, which includes nearly 500 companies from over 40 states and a dozen countries, discusses growing regulatory scrutiny and public awareness of data broker practices. Read now » Related...
It is more important than ever for businesses to have a clear understanding of whether their current policies cover cyber incidents and, if so, to what extent. Find out what your organization can do to make it more attractive to insurers. Read now » Related...
While there is no single strategy that applies across all businesses and incidents, there are five fundamental questions every business should ask before communicating about a data security incident. These questions are intended to minimize both the legal and business...