Privacy & Data Security

RSS Link

Artificial intelligence has quickly become part of the modern lawyer’s toolkit. Attorneys are using generative AI platforms to assist with legal research, drafting, editing, and document review. While these technologies can improve efficiency, a growing number of court filings across the country demonstrate a significant risk: AI-generated hallucinations, including fabricated case citations, nonexistent authorities, and inaccurate quotations.

Recent sanctions decisions

Key Takeaways

  • Outlines key considerations for businesses using productivity management and monitoring platforms – such as, Teramind, ActivTrak, and Insightful – and whether their use may require a CCPA risk assessment.
  • Identifies the specific CCPA risk assessment triggers most relevant to such productivity technologies.

Productivity management and monitoring platforms have become a fixture of the modern workplace—particularly for remote and

A recent federal court decision offers important lessons for businesses that use cookies, pixels, and other tracking technologies on consumer-facing websites. Although the court dismissed one federal wiretap claim with leave to amend, it allowed other privacy claims to proceed, including claims under California’s pen register statute and common law intrusion upon seclusion.

The case involved allegations that a company’s

Key Takeaways

  • Analyzes whether recording customer service and sales calls triggers the CCPA’s new risk assessment requirements.
  • Identifies the specific CCPA triggers most relevant to call recording, particularly when AI analytics are applied to recordings.
  • Notes related obligations under state wiretapping laws and other state privacy frameworks.

Recording customer calls is among the most common data collection practices in business.

Employers are increasingly using artificial intelligence and other algorithmic tools to support workplace decisions, including recruiting, screening, interviewing, promotion, workforce planning, and performance management. These tools can improve efficiency and consistency, but they also introduce important compliance, reputational, and employee-relations considerations. Two concepts that often arise in AI governance are bias audits and validation testing. Although related, they serve different

State breach-notification laws continue to evolve, and legislatures are using 2026 sessions to tighten consumer protections and shift the civil liability landscape that often follows a cyber event.

For businesses, the practical takeaway is that incident response planning increasingly needs to account not only for “whether notice is required,” but also for hard timelines, regulator-facing deliverables, and the cost of

Takeaways

Educational Institutions use Software as a Service platforms to facilitate operations, but doing so carries significant risk that needs to be carefully managed. Strong vendor oversight, tight contracts, and incident response planning are critical to protecting personal data down the chain.

Related links

Five Privacy Issues Higher Education Institutions Should Consider Monitoring

FAQs for Schools and Persons Affected By

The governor of Alabama recently signed House Bill 351, which establishes a consumer data privacy law for the state. The law takes effect May 1, 2027.

To whom does the law apply?

The law applies to controllers that conduct business in Alabama or produce products or services targeted to Alabama residents, if they either:

(1) control or process the

Key Takeaways

  • Examines how AI-driven hiring and applicant screening tools interact with the CCPA’s new risk assessment requirements.
  • Identifies the CCPA risk assessment triggers most likely to apply—including automated decision-making and systematic observation of applicants.

Artificial intelligence has made significant inroads into the hiring process. Employers increasingly rely on AI-driven tools to screen resumes, analyze video interviews, administer automated assessments,

Service providers often receive or access a customer’s personal information when performing contracted services. In the employment context, service providers may include payroll processors, Human Resource Information System (HRIS) or Applicant Tracking System (ATS) platforms, outsourced IT support, data storage, AI tool providers, or security services.

Under the EU and UK General Data Protection Regulations (GDPR), an employer (data controller)