On April 18, 2018, the Canadian government published long-awaited Breach of Security Safeguards Regulations specifying the requirements for notifying the Office of the Privacy Commissioner...

On March 16, the D.C. Circuit issued a long-awaited decision in a challenge to the Federal Communications Commission's July 10, 2015 Declaratory Ruling and Order regarding...

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website ...

On October 23, the FTC released new guidance on how the Children's Online Privacy Protection Act Rule may apply to audio recordings of children's voices collected by websites and online services.

On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S.

This recommendation acknowledges evolving business practices, the ubiquity of mobile devices and the necessity of remote access.

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices.

With the first compliance deadline now less than two months away, the NYDFS has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies by publishing an update...

Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect...

In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents.

On May 17, 2017, the Office of Compliance Inspections and Examinations (OCIE) of the United States SEC issued a risk alert highlighting the importance of registered broker-dealers, investment advisers...

As noted in the 2017 BakerHostetler Data Security Incident Response Report, the enactment of the EU General Data Protection Regulation (GDPR) represents the most significant change...

On April 4, 2017, the Massachusetts Attorney General's office announced that it had settled with a digital advertiser following allegations the company was using geolocation technology to target ads to women visiting reproductive health facilities.

On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements...

On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college.