Businesses face automated decisionmaking disclosures under proposed California regulations

Companies using automated technology to make decisions in areas such as employment would have to provide consumers with a variety of information about their activities.

By Lyle Moran • Nov. 28, 2023

Companies are getting smarter about cyber incidents

Although incidents are up and risks are expanding, companies are better prepared to send threat actors away empty-handed, a specialist says.

By Robert Freedman • Nov. 16, 2023

File-transfer services, rich with sensitive data, are under attack

Exposure can occur if any vendor in an organization’s supply chain transfers sensitive data that was ultimately compromised by an upstream attack.

By Matt Kapko • Nov. 14, 2023

California’s Delete Act won’t hit most companies on privacy

The law signed by Gov. Gavin Newsom this week gives consumers a single portal to have their personal information deleted across the board, but it only applies to data compiled by brokers.

By Robert Freedman • Oct. 12, 2023

SEC cyber disclosure rules put CISO liability under the spotlight

Corporate officers can also be held personally liable for how they respond to data security issues, including through lawsuits from investors.

By David Jones • Sept. 21, 2023

Most workers use AI, usually without company safeguards

Workers are quickly adopting generative AI, and most of them believe the powerful tools do not threaten their jobs, a Conference Board survey found.

By Jim Tyson • Sept. 21, 2023

Maintaining compliance as SEC cracks down on encrypted messaging apps

Navigating enforcement actions and keeping up with regulatory expectations can help your organization benefit from use of the apps while keeping risks aligned with requirements.   

By Chris Lehman • Sept. 20, 2023

Cyber, general liability insurance might cover GenAI risk

Use of protected data by generative AI could be covered by your cyber policy and IP claims like copyright infringement are typically covered by general liability insurance.

By Robert Freedman • Sept. 19, 2023

Google’s antitrust legal battle: Lessons from document preservation failures

The importance of understanding and abiding by the legal implications of document preservation in the face of litigation cannot be overstated.

By Andreas Mueller • Aug. 18, 2023

Generative AI quickly rises ranks among leading enterprise risks

Data privacy, cybersecurity and IP issues are contributing to risk executives’ concerns as the latest AI tools gain greater traction, Gartner reports.

By Lyle Moran • Aug. 14, 2023

SEC cyber rule opening can of worms over insurance coverage

Required disclosures could prompt more lawsuits as plaintiffs leverage what companies file with the agency, driving an increase in insurance exclusions, industry experts say.   

By Robert Freedman • Aug. 14, 2023

Why California AG, privacy agency appealed enforcement limits

The government entities argue that a judge’s ruling thwarted the will of voters and gives businesses freedom to violate key privacy protections.

By Lyle Moran • Aug. 11, 2023

Leveraging the SEC rule on board-level cybersecurity expertise

The agency’s release of cybersecurity rules gives legal leaders a chance to make board expertise part of the resilience they build into their organization.

By Neil Simon • Aug. 10, 2023

Zoom emphasizes customer consent as critics question AI service terms

Concerns stem from what Zoom says it will do with customer and service-generated data and what its policy language allows. 

By Lindsey Wilkinson • Updated Aug. 11, 2023

Privacy roundup: Osano launches new maturity model, data mapping tool

DataGrail and Dykema also recently announced new offerings to support businesses with their data privacy compliance efforts. 

By Lyle Moran • Aug. 3, 2023

California privacy agency launches first enforcement sweep

The California Privacy Protection Agency, which gained enforcement powers July 1, said it is reviewing the data privacy practices of “connected vehicle” manufacturers.

By Lyle Moran • Aug. 2, 2023

Companies must walk a fine line meeting SEC cyber disclosures

Too much detail about your risk management and governance practices will help bad actors, while too little won’t meet what the SEC wants, a Freshfields attorney says.

By Robert Freedman • Aug. 1, 2023

Half of the most-clicked phishing emails contain HR-related subject lines

The C-suite should be aware of how workplace-related phishing messages pique employee interest, a new report indicates.

By Carolyn Crist • July 31, 2023

The case for a multidisciplinary data division in Legal

A tech-enabled, data-literate legal department is better equipped to help businesses manage risk and navigate evolving legal requirements and regulations.

By Olga Mack • July 28, 2023

Investigations are causing data breach costs to skyrocket, IBM finds

As the complexity of data breaches increase, the pressure to conduct more thorough investigations to meet insurance, legal and regulatory requirements is growing.

By Matt Kapko • July 27, 2023

Court backs HSBC in suit alleging bank illegally recorded employee’s confidential calls

The employee’s mother filed suit against HSBC, claiming that the recordings violated California’s Invasion of Privacy Act.

By Ryan Golden • July 25, 2023

California AG investigating business compliance with data privacy law

Attorney General Rob Bonta's latest sweep is focused on employers’ handling of employee data under the California Consumer Privacy Act.

By Lyle Moran • July 21, 2023

FTC launches investigation of OpenAI about data issues

The agency’s inquiry is the biggest regulatory challenge to OpenAI since Italy’s ChatGPT ban.

By Lindsey Wilkinson • July 13, 2023

US-EU deal eases companies’ data-transfer risk — for now

Federal data surveillance has caused US companies headaches, but those are expected to go away if a new agreement survives expected court challenges.

By Robert Freedman • July 11, 2023

2023 in privacy: It (still) scares people

Making data privacy training accessible to everyone in the legal organization will help you get ahead of the surge in state laws while complying with the EU’s GDPR. 

By Jay Brenner • July 7, 2023