If 2025 was the year website-tracking claims became impossible to ignore, 2026 is the year those cases began to mature. Courts are looking beyond whether a pixel, cookie, chat tool, or session-replay script was present on a site. Instead, they are focusing more closely on what data was collected, when it was collected, what disclosures users saw, whether consent was
Workplace Privacy, Data Management & Security Report
Latest from Workplace Privacy, Data Management & Security Report
The Delve Scandal: Why a SOC 2 Report Can’t Be a “Check-the-Box” Exercise for Vendor Management
A recent Inc. article highlights an unsettling controversy involving Delve, a Y Combinator-backed compliance startup, and allegations that strike at the heart of how organizations rely on SOC (System and Organization Controls) 2 reports, which evaluate an organization’s internal controls over security, availability, and privacy.
According to the report, a whistleblower investigation alleges that Delve generated fraudulent audit reports, fabricated…
California Privacy Agency Invites Comments on CCPA Application to Employee and Applicant Data
When assisting businesses with the commercial aspects of the California Consumer Privacy Act, we advise them that this same law, with “consumer” in its name, also applies to data related to job applicants, employees, contractors, and other California state residents. Some are surprised, but we get to work addressing some nuanced issues, as some CCPA provisions do not neatly…
The Government Mandated “Kill Switch” Coming to a Vehicle Near You
Every so often a law that was passed years ago quietly becomes a present-day compliance reality. Section 24220 of the 2021 Infrastructure Investment and Jobs Act is one of those laws. Tucked into an eleven-hundred-page infrastructure bill with little public debate, the “kill switch law,” as it has come to be known by some, awaits implementing regulations. The law has…
OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored group health plans are not…
Dashcams: There’s More Risk To Manage Than You’d Expect

In recent years, many organizations have installed dashcams in their vehicles to improve safety and compliance, reduce costs, and better understand what’s happening in the field. Dashcams can be extremely useful for these purposes, giving organizations visibility into risky driver behaviors and misuse of company property. They can also lower insurance costs and provide valuable evidence in litigation. To provide…
AI Meeting Assistants and Biometric Privacy: Governance Lessons from the Fireflies.AI Lawsuit
A putative class action filed in December 2025 in the U.S. District Court for the Central District of Illinois offers a reminder that AI meeting assistant and transcription tools potentially carry significant legal exposure when organizations deploy them without appropriate governance guardrails in place. It also serves as a reminder to apply strong governance principles when evaluating and deploying these…
Sooner State Soon to Join Consumer Privacy Patchwork
On March 20, 2026, Oklahoma’s Governor signed Senate Bill (SB) 546, which establishes a consumer data privacy law for the state. Oklahoma’s law takes effect January 1, 2027.
To whom does the law apply?
The law applies to controllers (or processors) operating in the state and handling data for:
- at least 100,000 consumers; or,
- at least 25,000 consumers, while
…
State Enforcers Step Up Scrutiny of Foreign Data Transfers: What Organizations Should Know
U.S. organizations have long focused on federal requirements governing international data transfers. But a growing wave of state enforcement—particularly in Florida and Texas—signals that regulators are increasingly scrutinizing how companies move sensitive data outside the United States, especially when foreign adversaries may be involved. Recent developments suggest organizations should reassess their data flows, vendor relationships, and ownership structures to understand…
A Reminder About Florida’s Ban on Offshore Health Data Storage: What Providers and Vendors Should Know
In May 2023, Florida enacted a significant change to its health data laws. Senate Bill 264 amended the Florida Electronic Health Records Exchange Act, restricting where certain patient data can be stored and accessed. Codified at Section 408.051(3) of the Florida Electronic Health Records Exchange Act, the change mandates that:
In addition to the requirements in 45 C.F.R. part…