Navigating Cyber Disclosures in 2026: A Limited Renewal of CISA 2015, and “Take Two” on Finalizing CIRCIA’s Reporting Regulations

By Erik Dullea, Luis Hidalgo & Anokhy Desai on February 26, 2026

Key point: 2026 may be a pivotal year for organizations to monitor cyber incident reporting requirements—the voluntary sharing allowed under CISA 2015 remains available, but only through September, and regulations …

California’s Deletion Request and Opt-Out Platform (DROP) is Live

By Heidi Salow & Anokhy Desai on February 11, 2026

In October 2023, California passed the Delete Act, which, in addition to requiring data brokers to register with the state, directed Cal Privacy (f/k/a the California Privacy Protection Agency…

GSA Joins the CUI Compliance Movement: What Non-Defense Contractors Need to Know

By Erik Dullea & Luis Hidalgo on February 9, 2026

Key point: Historically, civilian‑agency contractors who handled Controlled Unclassified Information (CUI) enjoyed an informal compliance environment, with a requirement to adhere to NIST SP 800‑171 often framed as self‑attestation. That …

Central Computer Processors CPU concept - 3d rendering

The Genesis Mission: A New Executive Order Aims to Transform U.S. Innovation with AI

By Erik Dullea, Olga Shupyatskaya & Anokhy Desai on December 1, 2025

Key point: The President’s latest Executive Order establishes the Genesis Mission and aspires to use AI to accelerate scientific discovery in sectors such as biotech, quantum, nuclear power, and semiconductors.

2025 Update: Website Tracking Litigation and Enforcement

By Heidi Salow & Paloma Acosta on November 20, 2025

Litigation targeting website tracking technologies—such as cookies, pixels, session replay, and analytics tools—remains a major risk for businesses in 2025 and beyond. Courts continue to shape the boundaries of liability…

U.S. Privacy Litigation Update: September 2025 Decisions

By Former Attorney Dustin Taylor on October 21, 2025

In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; …

California’s Latest Trio of Privacy Bills: What Businesses and Consumers Need to Know

By Heidi Salow, Shannon Kapadia & Shevani Mehta on October 13, 2025

California continues to set the pace for digital privacy reform, enacting three groundbreaking laws that will reshape how personal information is handled across the state. On October 8, 2025, Governor…

Massachusetts and California Legislative Activity: Data Privacy and AI Legislation

By Erik Dullea, Heidi Salow, Shannon Kapadia & Shevani Mehta on October 1, 2025

Key point: Recent legislative efforts in Massachusetts, seeking to add another comprehensive data privacy law to the national patchwork of state laws, and in California enacting a law to regulate …

Healthcare Website Tracking: Lessons from Four Recent ECPA Rulings

By Former Attorney Dustin Taylor on September 22, 2025

Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google Analytics—on…

California Legislature Advances Sweeping AI Bill: Implications for Businesses and Developers of “Companion Chatbots”

By Heidi Salow & Shannon Kapadia on September 19, 2025

Key point: The California Legislature is considering a bill that would impose comprehensive requirements on the development, deployment, and use of artificial intelligence (AI) systems, with a focus on transparency, …

Byte Back

Featured Posts

Navigating Cyber Disclosures in 2026: A Limited Renewal of CISA 2015, and “Take Two” on Finalizing CIRCIA’s Reporting Regulations

Heppner v. Claude: Landmark Privilege Waiver by AI Ruling—Key Takeaways for Lawyers and Clients

Website Compliance Must-Dos for 2026: What Legal and Business Teams Should Revisit Now

The Latest