A recent decision by Hungary’s Data Protection Authority (NAIH) offers a deceptively modest outcome, a €5,000 fine, but sends a much stronger signal on the evolving expectations around data minimization
Continue Reading Data Minimization Under Scrutiny: Hungarian DPA Decision Signals Risk for U.S. EmployersGDPR Processing Begins at the Data Request: What a Spanish Supreme Court Decision Signals for U.S. Privacy Compliance
Data processing begins even before the data is received. A recent ruling of the Supreme Court of Spain clarifies the scope of GDPR obligations and the implications extend to the
Continue Reading GDPR Processing Begins at the Data Request: What a Spanish Supreme Court Decision Signals for U.S. Privacy ComplianceFTC’s New Strategic Plan: Reports of the Death of FTC Privacy Enforcement Have Been Greatly Exaggerated
The FTC just published its Strategic Plan for FY 2026–2030. What does it actually mean for privacy compliance? Quite a lot, as it turns out. Here’s a breakdown.
Telemarketing
Continue Reading FTC’s New Strategic Plan: Reports of the Death of FTC Privacy Enforcement Have Been Greatly ExaggeratedWhat Hospitality HR, Operations and Leadership Need to Know About Data Privacy and AI
As hospitality businesses increasingly rely on digital tools, automation, biometrics, and AI‑enabled services, their collection and use of personal data has expanded significantly. With that expansion comes a corresponding rise
Continue Reading What Hospitality HR, Operations and Leadership Need to Know About Data Privacy and AITRUMP America AI Act Bill Sets Direction for Future US AI Regulation
On March 18, 2026, Senator Marsha Blackburn (R-TN) introduced the TRUMP AMERICA AI Act: formally, The Republic Unifying Meritocratic Performance Advancing Machine Intelligence by Eliminating Regulatory Interstate Chaos Across
Continue Reading TRUMP America AI Act Bill Sets Direction for Future US AI RegulationHIPAA, but for non-Covered Entities?
New bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act
Continue Reading HIPAA, but for non-Covered Entities?The Ethical Use of AI and the DOL: What You Need to Know
The U.S. Department of Labor recently released new principles on the ethical use of artificial intelligence.
Here are some of the things we are working on with employers and
Continue Reading The Ethical Use of AI and the DOL: What You Need to KnowThe Elements of Profiling
- This is the analysis of information about/regarding a person.
- The definition is
A Helpful Guide on Data Processing Consent
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but
Continue Reading A Helpful Guide on Data Processing Consent
Cross Border Complaints: What You Need to Consider
Here are a few things to consider in a cross border complaint, according to the International Association of Privacy Professionals’ Data Protection Congress panel with Isabelle Vereecken of the European
Continue Reading Cross Border Complaints: What You Need to Consider