Key point: Whether your business runs a retail loyalty program, a restaurant rewards app, a software referral campaign, or an online sweepstakes, these programs often collect customer information, and that …
Key point: 2026 may be a pivotal year for organizations to monitor cyber incident reporting requirements—the voluntary sharing allowed under CISA 2015 remains available, but only through September, and regulations …
A recent ruling by the Southern District Court of New York sets a historical precedent for the use of generative AI platforms in the legal profession. The court found that…
With three new state privacy laws that took effect on January 1, 2026 (Indiana, Kentucky, and Rhode Island), adding to an extensive list of others, many organizations are discovering that…
In October 2023, California passed the Delete Act, which, in addition to requiring data brokers to register with the state, directed Cal Privacy (f/k/a the California Privacy Protection Agency…
Key point: Historically, civilian‑agency contractors who handled Controlled Unclassified Information (CUI) enjoyed an informal compliance environment, with a requirement to adhere to NIST SP 800‑171 often framed as self‑attestation. That …
Key point: The President’s latest Executive Order establishes the Genesis Mission and aspires to use AI to accelerate scientific discovery in sectors such as biotech, quantum, nuclear power, and semiconductors.
Litigation targeting website tracking technologies—such as cookies, pixels, session replay, and analytics tools—remains a major risk for businesses in 2025 and beyond. Courts continue to shape the boundaries of liability…
In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; …
