Adopt security policies that protect both the organization and consumers’ interests (for more information, see Developing Information Security Policies (US) on Practical Law).

Collects and uses customer or employee personal information. Participates in an industry sector that is considered high risk or critical infrastructure. Offers securities as a publicly traded company.

Part of the reason for the state involvement is that the federal government often is not enacting laws on these subjects, Morrison & Foerster's Andrew Serwin says. Many state governments have been ...

Keeping up with new privacy and cybersecurity laws has proved challenging for enterprises, many of which struggle to understand which laws even apply to them. Artificial intelligence (AI) complicates ...

Furthermore, enlisting the help of information security experts, engaging the technical folks as part of the training and gathering all employees at all levels go far to ensure a security-aware ...

Data privacy regulations such as the EU’s General Data Protection Regulation and California’s Consumer Privacy Act have fundamentally changed how organizations ...

Privacy and data security laws govern how organizations collect, handle, and protect personally identifiable information (PII) to ensure it is properly processed and ...

When Connecticut Attorney General William Tong described granting the Department of Government Efficiency (DOGE) access to Treasury Department records as potentially the largest data breach in ...

Artificial intelligence (AI), particularly generative AI, thrives on vast amounts of data, fueling AI capabilities, insights, and predictions. But with this reliance on data comes potential privacy ...