Happy February 20th and Information Governance Day! Today is an opportunity to reflect on the evolution of information governance and, more importantly, its future. In our view, information governance is in its ascendency and is only becoming more and
New York changes data breach law—in December and February
New York just finished a series of adjustments to its data breach notification requirements. Effective immediately, organizations must notify impacted individuals of a data breach within 30 days of its discovery instead of “in the most expedient time possible and…
FTC settlement requires disconnection of hardware from all no longer supported software


On January 16, 2025, the FTC announced a proposed complaint and consent agreement with one of the largest hosting companies in the world: GoDaddy. According to the complaint, the FTC found GoDaddy’s security practices “unreasonable for a company of its…

The Commission’s guidelines on AI systems – what can we infer?



The EU’s AI Act imposes extensive obligations on the development and use of AI. Most of the obligations in the AI Act look to regulate the impact of the specific use cases on health, safety, or fundamental rights. These sets…
CJEU Advocate General clarifies when pseudonymised data falls outside the definition of personal data


On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board…
US Dept of Health proposes Security Rule amendments that includes new deadlines
On December 27, 2024, the United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve data protection measures in the healthcare sector.
Learn more about the…
Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services
Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by…

FTC finalizes COPPA rule amendments
On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a…
$3 million HIPAA Settlement


On January 14, 2025, the U.S. Department of Health and Human Services (“HHS”) entered into a settlement agreement relating to alleged HIPAA regulation violations with Solara Medical Supplies LLC, a direct-to-consumer distributer of continuous glucose monitors, insulin pumps, and other…
New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024



On 24 December 2024, Malaysia’s Minister of Digital stipulated the dates on which the provisions of the Malaysian Personal Data Protection (Amendment) Act 2024 (Amendment Act) will come into force. The Amendment Act will take effect in three…