In 2024, Colorado passed the first comprehensive state-level law in the U.S. regulating the use of artificial intelligence, the Artificial Intelligence Act (the Act). It imposed strict requirements on developers and users of “high-risk” AI systems, particularly in sectors like employment,
Workplace Privacy, Data Management & Security Report
Latest from Workplace Privacy, Data Management & Security Report
District Court Upholds Browsewrap Agreements in Pennsylvania Wiretap Class Action
Online retailer Harriet Carter Gifts recently obtained summary judgment from the district court in a class action under Pennsylvania wiretap law. At the heart of this case is the interpretation and application of the Pennsylvania Wiretapping and Electronic Surveillance Control…
Florida Bar Urges Law Firms to Adopt Incident Response Plans: A Call to Action for Legal Professionals

In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to better prepare for and respond to…
Virginia’s Governor Vetoes AI Bill
On March 24, 2025, Virginia’s Governor vetoed House Bill (HB) 2094, known as the High-Risk Artificial Intelligence Developer and Deployer Act. This bill aimed to establish a regulatory framework for businesses developing or using “high-risk” AI systems. The Governor’s…
Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers
On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health Fitness Corporation (Health Fitness), a…
Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to the Security Rule under…
A Brief Reminder About the Florida Information Protection Act
According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all businesses, large and small, across the U.S., including the…
California’s Proposed Location Privacy Act: A Potential Game-Changer for Tracking Location of Individuals

Businesses that track the geolocation of individuals—whether for fleet management, sales and promotion, logistics, risk mitigation, or other reasons—should closely monitor the progress of California Assembly Bill 1355 (AB 1355), also known as the California Location Privacy Act. If passed,…
Are Employees Receiving Regular Data Protection Training? Are They AI Literate?

Employee security awareness training is a best practice and a “reasonable safeguard” for protecting the privacy and security of an organization’s sensitive data. The list of data privacy and cybersecurity laws mandating employee data protection training continues to grow and…
Class Certification Granted – California Website Tracking Lawsuit Reminds Businesses about Notice Risks
A California federal district court recently granted class certification in a lawsuit against a financial services company. The case involves allegations that the company’s website used third-party technology to track users’ activities without their consent, violating the California Invasion of…