Sep. 17, 2025

Updating Compliance Programs to Address the CPPA’s Regulations on ADMT and Risk Assessments

Over the past two years, the California Privacy Protection Agency (CPPA) has wrestled with drafting regulations on automated decision-making technology: how to define it; the requirements for businesses that use it; and how consumers can exercise their knowledge, access and opt-out data rights. The CPPA has now voted to finalize those rules along with regulations on how businesses should conduct risk assessments. In this guest article, McDermott Will & Schulte attorneys John Ying and Amy Pimentel break down the draft regulations’ key requirements, provide businesses with a roadmap to analyze whether they are in scope, and offer advice on building or updating compliance programs to address new obligations. See “California’s Pending Automated Decision-Making Technology Regulations Will Further Focus Consumers’ Attention on AI” (Feb. 5, 2025).

Practical Compliance Implications From NYDFS’ Healthplex Settlement

The New York Department of Financial Services' (NYDFS) recent $2‑million settlement with Healthplex, following an investigation conducted in the wake of a 2021 data breach, highlights the financial, operational and reputational risks for all covered entities that fail to meet the stringent requirements of the NYDFS Cybersecurity Regulation. This article examines key aspects of the consent order and its compliance implications, with insights from enforcement specialists, including those who previously served in NYDFS roles, at BakerHostetler, Clifford Chance, Mayer Brown and Norton Rose Fulbright. See our two-part series “Amendment to NYDFS Cyber Regulation Brings New Mandates”: Governance Provisions (Dec. 13, 2023), and First Compliance Steps (Jan. 3, 2024).

Eight Tips for Building a Cross-Company Compliance Network

In-house compliance professionals need to be able to rely on support from elsewhere in the company, but garnering that support can take effort. To engage busy managers within the organization, compliance professionals must find effective methods for catching their attention and earning their trust. This article provides eight practical tips on how to build support for compliance throughout the company, with insights shared by panelists during a recent webinar hosted by Ground Truth Intelligence. See “Skills and Qualities of Effective Compliance Officers” (Jun. 18, 2025).

Global Cybersecurity Expert and Former FBI Senior Official Joins Baker McKenzie As Partner in D.C.

Baker McKenzie has welcomed cyber and national security lawyer Sumon Dantiki as a partner in its litigation and government enforcement practice and co-chair of the national security practice in Washington, D.C. He arrives from King & Spalding. For insights from Baker McKenzie, see “Pain Points and New Demands in AI Contracts” (Jun. 18, 2025); and “Cookie Compliance Lessons From the Todd Snyder Settlement” (Jun. 11, 2025).

Skadden Welcomes Back Don Vieira As Partner and Head of Tech Policy Practice in D.C.

Skadden has announced that Don Vieira has returned to the firm as a partner and chair of the tech policy practice in Washington, D.C. He rejoins from venture capital firm Sequoia Capital. For insights from Skadden, see “‘Everyone Wants to Speak to the CISO’ and Other Realities of Addressing Vendor Breaches” (May 14, 2025); and “Navigating Recent Changes to China’s Data Privacy Laws in Internal Investigations” (Jun. 19, 2024).