Although the GDPR is silent on how organizations should assess and quantify risk, certain trends emerge from the sections where risk does appear that will guide organizations in implementing a ...

These templates are provided to assist privacy professionals in conducting TIAs.

The U.S. state of Iowa is no stranger to privacy bills. Since its first attempt in 2020, the state's legislature has repeatedly proposed and considered comprehensive consumer data privacy legislation.

This post analyzes CPRA's categories of sensitive personal data, company obligations, whether CPRA is a good model for regulating sensitive personal data.

While only a few jurisdictions have passed laws specific to artificial intelligence governance, the regulatory application of existing laws to the governance of AI technologies has happened at a much ...

The Data Care Act of 2023, sponsored by Sen. Brian Schatz, D-Hawaii, imposes various duties — a duty of care, duty of loyalty and duty of confidentiality — on online service providers. The duty of ...

The IAPP has compiled a sample job description by combining and modifying those available online to help organizations fill the role of privacy engineer.

Despite that, a lot has been said about similarities between the GDPR and CCPA and still more about significant differences. Understanding third parties and related requirements is where practical ...

Littler Mendelson's Zoe Argento analyzes data protection issues for employers using generative AI services.

The Belgian DPA fined IAB Europe 250,000 euros ruling its Transparency and Consent Framework does not comply with several GDPR provisions.

This glossary provides definitions and explanations for some of the most common terms related to AI governance.

How does the service-provider exception play out in practice? Website-hosting provider A website-hosting provider would be a logical vendor to consider as a service provider, depending on the ...