A California federal district court recently granted class certification in a lawsuit against a financial services company. The case involves allegations that the company’s website used third-party technology to track users’ activities without their consent, violating the California Invasion of
Workplace Privacy, Data Management & Security Report
Blog Authors
Latest from Workplace Privacy, Data Management & Security Report
Firings at the US Privacy and Civil Liberties Oversight Board and Potential Impact on Transatlantic Data Transfers
President Trump recently fired the three democrats on the Privacy and Civil Liberties Oversight Board (PCLOB). Since these firings bring the Board to a sub-quorum level, they have the potential to significantly disrupt transatlantic transfers of employee and other personal…
Happy Privacy Day: Emerging Issues in Privacy, Cybersecurity, and AI in the Workplace

As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel must navigate a rapidly evolving landscape of legal and…
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft

Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data. These situations can severely impact a business, especially when…
California Attorney General Issues Two Advisories Summarizing Law Applicable to AI

If you are looking for a high-level summary of California laws regulating artificial intelligence (AI), check out the two legal advisories issued by California Attorney General Rob Bonta. The first advisory is directed at consumers and entities about their rights…
New Jersey Attorney General: NJ’s Law Against Discrimination (LAD) Applies to Automated Decision-Making Tools
This month, the New Jersey Attorney General’s office (NJAG) added to nationwide efforts to regulate, or at least clarify the application of existing law, in this case the NJ Law Against Discrimination, N.J.S.A. § 10:5-1 et seq. (LAD), to…
FAQs for Schools and Persons Affected By the PowerSchool Data Breach

A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50 million students in the United States. According…
AI versus MFA
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find multifactor authentication (MFA) at or near the top of every list.…
Israel’s GDPR-like Legislation Set to Take Effect in 2025
In 2024, Israel became the latest jurisdiction to enact comprehensive privacy legislation, largely inspired by the EU’s General Data Protection Regulation (“GDPR”). On August 5, 2024, Israel’s parliament, the Knesset, voted to approve the enactment of Amendment No. 13 (“the…
Patient’s Request for Records Uncovers Dental Practice’s Ransomware Attack, Leading to $350K Settlement
The Indiana Attorney General Office (OAG) filed a detailed complaint on December 23, 2024 (Complaint) which arose out of the following patient complaint:
The OAG received a consumer complaint stating that the consumer had contacted Arlington Westend Dental on multiple…