On May 21, 2026, the New York Department of Financial Services (NYDFS) issued industry guidance to licensees regarding security measures they should consider taking “in a heightened cybersecurity threat environment.” Even organizations not subject to NYDFS regulation may want to
Colorado’s new AI governance law
We recently published an alert that highlights Colorado’s new artificial intelligence (AI) governance law. After X.AI sued to enjoin enforcement of Colorado’s first AI governance law and the federal government moved to intervene, the Colorado Attorney General agreed to temporarily
NYDFS Cybersecurity Enforcement: US$2.25m Fine Against Delta Dental
On April 30, 2026, the New York Department of Financial Services (NYDFS) announced a consent order with Delta Dental Insurance Company and Delta Dental of New York, Inc. for alleged violations of the NYDFS Cybersecurity Regulation relating to the 2023
How to approach governance of AI agents
Current approaches to agentic AI governance seem more focused on trying to apply governance after a system is developed, like a Band-Aid, instead of baking in reasonable governance and controls into the guts of the system. In the same way
HHS and state AGs fine ambulance firm over $500,000, require enhanced security, privacy, and data minimization practices
Earlier this year, the Attorneys General of Massachusetts and Connecticut entered into settlement agreements with Comstar, LLC, an ambulance billing firm, relating to alleged HIPAA regulation violations in connection with a ransomware incident. Comstar is a business associate under HIPAA
AI and privilege: Assessing recent court rulings
We recently drafted an article that discussed court decisions that reached very different conclusions about how the attorney-client privilege and work product doctrine apply to materials submitted to and created by generative AI (GenAI) tools. A recent decision from the
Celebrating Global Information Governance Day: Why information governance matters more than ever
Happy Global Information Governance Day!! Today we celebrate information governance and raise awareness of how to manage data, balance risks and build a culture focused on good data hygiene.
Working with large and small companies around the world, we have
New York’s algorithmic pricing law
On November 10, 2025, New York’s disclosure law on algorithmic pricing went into effect. This post will describe the law, a recent federal court case, and some potential effects, using precise geolocation data as an example.
The law
The law
Regulators, including FCC, emphasize third party vendor cybersecurity monitoring requirements
Many data breaches occur not at the company that controls or owns the data, but rather at the company’s third-party service providers or vendors. Regulators have noticed and have begun placing emphasis on a company’s obligation to monitor its service
Happy e-Discovery Day
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point