An online retailer recently successfully asserted consent as a complete defense to a putative Pennsylvania Wiretapping and Electronic Surveillance Control Act class action, resulting in the dispositive dismissal of the action. The decision provides key insights...
Starting June 2, 2025, organizations can apply for the new global Cross-Border Privacy Rules (CBPR) certification, enabling seamless data transfers across participating countries. This voluntary certification is initially available to companies in Japan, Korea...
Follow the progression of select state privacy legislation applicable to children and minors proposed after January 1, 2025. Topics covered include online privacy rights afforded to children and teens and social media protections. Read now » Related Content...
Check out this comprehensive practice note on conducting cybersecurity risk assessments, including the essential elements and an overview of different frameworks, standards, and programs. Read now » Related Content Cyber Vulnerability Management Checklist...
Check out this new detailed guide on the cyber vulnerability handling process, outlining the identification, assessment, prioritization, and remediation of security vulnerabilities as well as monitoring and follow-up. Effective vulnerability management is critical...
In the absence of a federal privacy law, a bipartisan coalition of state regulators has formed the Consortium of Privacy Regulators to coordinate enforcement and ensure consistent application of state data privacy laws. This initiative aims to create a unified...
In last week’s policy speech to the International Association of Privacy Professionals, FTC Commissioner Melissa Holyoak outlined the Republican majority's vision for data privacy, emphasizing the need to balance privacy harms with the benefits of innovation...
Check out the legal requirements and best practices for mitigating third party / vendor risks to consumers' privacy or security by ensuring that vendor contracts involving personal data processing comply with U.S. state privacy laws. Read now » Related...
This chart provides a comprehensive comparison of the data broker laws in California, Oregon, Texas, and Vermont. It outlines key provisions, including entities and data covered, registration fees, registration disclosure requirements, data security obligations...
This in-depth analysis of California's annual data broker registry, which includes nearly 500 companies from over 40 states and a dozen countries, discusses growing regulatory scrutiny and public awareness of data broker practices. Read now » Related...
It is more important than ever for businesses to have a clear understanding of whether their current policies cover cyber incidents and, if so, to what extent. Find out what your organization can do to make it more attractive to insurers. Read now » Related...
While there is no single strategy that applies across all businesses and incidents, there are five fundamental questions every business should ask before communicating about a data security incident. These questions are intended to minimize both the legal and business...
Two U.S. senators have revived a longstanding legislative proposal that would expand digital privacy protections to cover teens between the ages of 13 and 16, ban targeted advertising to minors, and require companies to enable the erasure of underage users'...
The development and deployment of generative artificial intelligence (AI) tools present unique challenges under U.S. and European Union privacy laws and regulations. This practice note explores these obligations at a high level and identifies emerging legal issues...
Read up on common cyber extortion schemes and demands, threat actor roles behind a cybercriminal network, and negotiating with cybercriminals, including risks to consider and steps an organization should take to make an informed payment decision. Read now »...