Solution to patchwork of state data-privacy laws shows promise

By mostly preempting state laws, the American Privacy Rights Act would give companies a much-needed roadmap for compliance, privacy specialists say.

By Jessica Mach • April 12, 2024

EU lawmakers pass sweeping AI rules with global reach, stiff penalties

Penalties include up to €35 million or 7% of a company’s total worldwide annual turnover — whichever is higher — for violations of a ban on “emotion recognition” in the workplace.

By Alexei Alexis • March 13, 2024

Visa spends ‘billions’ battling cybersecurity threats

The company is using generative artificial intelligence to thwart account-to-account fraud by way of Visa services.

By Lynne Marek • March 11, 2024

Cloud intrusions spiked 75% in 2023, CrowdStrike says

Threat actors are targeting organizations’ inconsistent cloud security systems to intrude networks and maintain persistence.

By Matt Kapko • Feb. 27, 2024

CalChamber seeks state Supreme Court review of privacy case

The California Chamber of Commerce is advancing its argument that voters wanted a one-year gap between adoption and enforcement of updated regulations under the state’s landmark consumer privacy law.

By Lyle Moran • Feb. 22, 2024

Old data is the scourge of most breaches

Having a strict data retention policy can reduce the severity of a breach by limiting an organization’s most vulnerable information, breach response specialists say. 

By Robert Freedman • Feb. 21, 2024

Companies struggle with decarbonization due to internal governance, data issues

Most organizations are committed to decarbonization, but a siloed approach, bureaucracy and data challenges stand in the way of success, an Engie report says.

By Suman Bhattacharyya • Feb. 20, 2024

California privacy agency can enforce updated regulations, court rules

Businesses are urged to review their privacy practices to make sure they are in compliance with all elements of the California Consumer Privacy Act.

By Lyle Moran • Feb. 14, 2024

61% of organizations faced regulatory proceedings in 2023, report finds

Survey respondents said state and federal regulatory changes are contributing to fears about increased exposure to regulatory disputes, according to Norton Rose Fulbright.

By Lyle Moran • Feb. 13, 2024

The forward-thinking GC: Growing an in-house career with AI know-how

If artificial intelligence can detect red flags for cancer on brain scans and manage air traffic, can it help in-house legal teams manage contract reviews and redact privileged information from a data set?

Feb. 12, 2024

Contractual obligations driving data privacy, cybersecurity upgrades

To secure work from business partners, more companies are having to get serious about having the right technical and legal safeguards, a specialist says.

By Robert Freedman • Feb. 9, 2024

Data breach class actions are on the rise, report finds

The data breach cases also presented difficulties for the courts around issues of standing and uninjured class members, the Duane Morris report found.

By Lyle Moran • Feb. 6, 2024

State data privacy laws called toothless by public interest groups

With the exception of California, states don’t allow a private right of action and companies can collect more data than they need, experts say.

By Robert Freedman • Feb. 2, 2024

Law firm security breaches are fairly common, survey finds

The tech decision-makers surveyed said improved training and technology would help their law firms become better prepared to address cybersecurity threats.

By Lyle Moran • Jan. 22, 2024

Fed bans ex-banker, fines 3 others over data handling

A bank’s former CFO received more than 280,000 electronic documents — some containing confidential supervisory information — shortly after he was terminated from the bank in 2019, the Fed said.

By Dan Ennis • Jan. 18, 2024

Importance of boards before, during and after a cyber incident

The best practice is to get members of the board involved at the right time. 

By Robert Freedman • Jan. 11, 2024

Cloud concentration poses challenges for businesses, survey finds

“The risk associated with cloud concentration is fast losing its ‘emerging’ status as it is becoming a widely recognized risk for most enterprises,” a Gartner director said.

By Lyle Moran • Jan. 10, 2024

FTC X-Mode settlement focuses on sensitive data

The company must set up a system to ensure sensitive information, like where people live or get their healthcare, doesn’t get included in data it collects and sells.

By Robert Freedman • Jan. 10, 2024

6 in-house legal trends to watch in 2024

AI, labor, antitrust, bankruptcies, women GCs and cross-collaboration are among the headlines in-house counsel can expect this year.  

By Lyle Moran and Robert Freedman • Jan. 9, 2024

NYT said to be using ChatGPT copyright suit as negotiating tactic

The company is less interested in going to trial than generating licensing revenue from the use of its content in training GenAI tools, a tech specialist says.

By Robert Freedman • Jan. 3, 2024

Cyber risk strategies in hot seat as SEC rules go live

The SEC wants to make sure companies are better prepared to mitigate material breaches, ransomware or nation-state espionage attacks.

By David Jones • Dec. 21, 2023

California privacy agency backs opt-out preference for consumers

The regulator would like to see legislation requiring web browser vendors to make it easier for consumers to prevent the selling and sharing of their personal information.

By Lyle Moran • Dec. 19, 2023

Regulatory compliance tops risk concerns for GCs, report finds

Chief legal officers are also increasingly concerned about emerging data sources such as collaboration tools and chat applications, but feel unprepared to handle the associated risks. 

By Lyle Moran • Dec. 18, 2023

3 tips for SEC cyber rule stragglers

The Dec. 18 compliance deadline applies to all covered entities other than smaller reporting businesses, which will be subject to the breach reporting mandates as of June 5 of next year.

By Alexei Alexis • Dec. 14, 2023

FBI to field SEC cyber incident disclosure delay requests

Publicly-traded companies can request incident disclosure delays, but the bar is high. A filing would have to pose a significant threat to public safety or national security.

By Matt Kapko • Dec. 12, 2023