Earlier this year, the Attorneys General of Massachusetts and Connecticut entered into settlement agreements with Comstar, LLC, an ambulance billing firm, relating to alleged HIPAA regulation violations in connection with a ransomware incident. Comstar is a business associate under HIPAA
Heightened Cyber Risks in the Middle East: Geopolitical Tensions Fuel Digital Conflict
Introduction
The latest developments in the Middle East – marked by a significant surge in military activity and retaliatory strikes across the region – have been accompanied by a parallel intensification of cyber operations.
It is common in such situations…
AI and privilege: Assessing recent court rulings
We recently drafted an article that discussed court decisions that reached very different conclusions about how the attorney-client privilege and work product doctrine apply to materials submitted to and created by generative AI (GenAI) tools. A recent decision from the…
Protective order violations lead to sanctions in Uber MDL litigation
Even when stringent protective orders are in place, clients are often concerned that the sensitive information they are required to produce in litigation will end up being disclosed or used for improper purposes. Clients often ask whether the protective order…
Celebrating Global Information Governance Day: Why information governance matters more than ever
Happy Global Information Governance Day!! Today we celebrate information governance and raise awareness of how to manage data, balance risks and build a culture focused on good data hygiene.
Working with large and small companies around the world, we have…
Partial compliance is noncompliance: Lessons from California’s $2.75 million settlement with Disney
On February 11, 2026, California Attorney General Rob Bonta announced a $2.75 million settlement with The Walt Disney Company (“Disney”), the largest civil penalty to date under the California Consumer Privacy Act as amended by the California Privacy Rights Act…
The DOJ’s civil cyber-fraud initiative lives on: Insights from cybersecurity enforcement through the False Claims Act
The False Claims Act (“FCA”), the U.S. federal government’s principal civil anti-fraud statute, imposes liability on entities that knowingly submit, or cause the submission of, false or misleading claims for payment to the United States. The FCA has long served…
Tax authorities’ access to individuals’ banking data: the European Court of Human Rights sets privacy limits in the case of Ferrieri and Bonassisa v. Italy
2026 opened with a notable decision by the European Court of Human Rights (ECtHR) in the case of Ferrieri and Bonassisa v. Italy.
The ECtHR found a violation of Article 8 of the Convention for the Protection…
Privacy Day 2026: Why trust is the new competitive advantage
Every year, Privacy Day gives organizations a moment to pause and reflect on how rapidly the data landscape is shifting, but 2026 feels different. The conversation has moved beyond compliance checklists and breach headlines. Privacy is moving beyond legal, shaping…
Agentic AI: the ICO’s early thoughts on the data protection implications
The ICO has kicked off 2026 by sharing its early thoughts on the data protection implications of agentic AI in its ICO tech futures: Agentic AI report. The report considers the novel data protection risks presented by agentic AI.