Emerging issues in data breach litigation: Duty of care under Georgia law
11/19/25
By: Jacob Berlinger and David Cole
Beyond the familiar challenges of establishing standing and proving injury from a data breach, courts are increasingly grappling with threshold questions about the viability of plaintiffs’ legal theories. One recurring issue is whether—and to …
Hillsdale decision extends VPPA to free, educational content
11/17/25
By: Michael Brown and Emily Mayfield
A recent decision by the U.S. District Court for the Western District of Michigan has expanded the interpretation of who may qualify as a “video tape service provider” under the Video Privacy Protection Act …
AI-powered cyber threats: What everyone needs to know
11/6/25
By: Jason G. Weiss
A new report from Anthropic, a leading Artificial Intelligence (AI) company, highlights a troubling development in the cybersecurity landscape: threat actors are now using AI to automate nearly every step of a cyber extortion scheme. …
CCPA/CPRA amended regulations approved and effective January 1, 2026
9/25/25
By: Danielle A. Ocampo
The California Office of Administrative Law (OAL) approved the most recent amendments to the CCPA regulations to take effect January 1, 2026.
How Did We Get Here?
The California Consumer Privacy Act (CCPA) of 2018, effective …
“Juice jacking”: A hidden cyber threat in public charging stations
9/23/25
By: Jason G. Weiss
In today’s hyperconnected world, our mobile devices are lifelines for both personal and professional communication. When batteries run low, travelers often rely on the convenience of public-charging stations in airports, hotels, coffee shops and other high-traffic …
Congress ready to implement new cyber incident and ransomware payment reporting legislation
9/8/25
By: Michele B. Focht and Jason G. Weiss
Cybersecurity is about to take a more prominent position within the Federal government. In 2022, the United States Congress passed critical legislation that includes new cybersecurity provisions requiring critical infrastructure providers to …
Connecticut’s first CTDPA enforcement action – a critical reminder for businesses
7/30/25
By: Michael R. Brown and David A. Cole
The Connecticut attorney general announced its first public enforcement action under the Connecticut Data Privacy Act (“CTDPA”), resulting in an $85,000 settlement with TicketNetwork, Inc., for failing to comply with the law’s …
And we’re off! America’s AI action plan to win the AI race*
7/25/25
By: Danielle A. Ocampo
*Text below not written by AI!
We’ve come a long way since the race to space. The track is now set for the world’s race to AI dominance. To win this race, the White House …
7/21/25
By: Cory A. Chipman
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA), through its Joint Cyber Defense Collaborative (JCDC), published the Artificial Intelligence (AI) Cybersecurity Collaboration Playbook (The Playbook)1 and a fact sheet2 on Jan. 14, 2025. The …
Consent becoming a forceful defense at the motion to dismiss stage in privacy claims
7/2/25
By: Justin J. Boron and Michael R. Brown
In data privacy litigation, consent has traditionally been a fact-heavy issue decided at later stages of litigation. But recent rulings from federal courts suggest that this may be changing. In a shift …
6/24/25
It’s official: There’s a new sheriff in town when it comes to regulating the wild west of AI Governance that will arguably be the toughest in the nation. Texas Governor Greg Abbott signed the Texas Responsible AI …
Data doesn’t disappear. It just goes dark
6/12/25
Personally identifiable information, protected health information and other sensitive data don’t go into a black hole after they’re stolen. It goes on the Dark Web, which has become a reliable repository of PII and PHI. The …