On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit, which consolidated three interlocutory appeals, issued a significant ruling in Clay v. Union Pacific Railroad Co., that resolves the question of whether Illinois’s 2024 amendment to the Biometric Information Privacy Act (“BIPA”) applies retroactively to cases pending when it was enacted.[1]
Password Protected Blogs
Latest from Password Protected
Federal Court Blocks IPEDS Reporting Deadline for Public Universities in 17 States
On Friday, April 3, 2026, the U.S. District Court for the District of Massachusetts preliminarily enjoined the Trump administration from requiring public colleges and universities in 17 states to submit seven years’ worth of Integrated Postsecondary Education Data System (IPEDS) Admission and Consumer Transparency Supplement (ACTS) survey data. The reporting deadline for the members of
Cyberattacks on Higher Education Institutions Underscore Urgency of Regulatory Compliance
Colleges and universities should assess their cybersecurity compliance posture and incident response readiness and harden their networks as soon as possible in light of elevated threats.
Since June 2025, the Cybersecurity and Infrastructure Security Agency has cautioned that Iranian government-affiliated actors routinely target U.S. networks and internet-connected devices. The war in Iran and recent Iranian
White House Releases AI Legislative Recommendations—Congress Has the Blueprint, but Questions Remain
On March 20, 2026, the White House unveiled its National Policy Framework for Artificial Intelligence, providing a blueprint on legislative recommendations and urging Congress to act. It recommends that Congress create a unified federal standard to reduce the regulatory friction of competing state AI regimes, promote AI innovation, and develop an AI-ready workforce, while
CalPrivacy Ramps Up Privacy Enforcement
The California Privacy Protection Agency (CalPrivacy) is entering an aggressive new phase of privacy regulation and enforcement, of which companies doing business in California should be aware. CalPrivacy already brought enforcement actions against many companies, maintains over 100 active investigations and has signaled an increased pace of enforcement.
Protecting Employee Information From Tax Season Phishing Schemes
Overview
As we enter the 2026 tax filing season, organizations face a heightened risk of cyberattacks targeting employee information. Tax season is a busy time for cybercriminals, who ramp up efforts to trick businesses and individuals into sharing personal information. Bad actors can use stolen personally identifying information (“PII”) in a variety of harmful ways,
When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected
On Feb. 10, 2026, the U.S. District Court for the Southern District of New York held that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. The decision has important implications as clients and nonlawyers increasingly use generative AI tools to assess legal
Data Privacy Day 2026: What Changed on Jan. 1 — And What to Watch Next
Data Privacy Day offers a natural checkpoint to take stock of a fast‑moving legal landscape. As of January 1, 2026, several significant U.S. state privacy laws and regulatory updates are now live, with additional U.S. and global milestones queued up throughout 2026. Below we summarize important changes already in effect and highlight issues to monitor
FDA and EMA Provide Guiding Principles for AI in Drug Development
On Jan. 14, 2026, the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA) jointly released the “Guiding Principles of Good AI Practice in Drug Development,” a set of 10 high-level principles intended to steer the safe and responsible use of AI across the product lifecycle. While not formal industry guidance, the
SEC Voluntarily Dismisses Landmark Enforcement Action Against SolarWinds and its CISO
On November 20, 2025, the Securities and Exchange Commission and defendants SolarWinds Corp. and Timothy G. Brown filed a joint stipulation to dismiss with prejudice the SEC’s civil enforcement action pending in the Southern District of New York. The SEC would dismiss all claims concerning the conduct alleged in the SEC’s Amended Complaint and includes