California’s Record CCPA Settlement with Healthline Highlights Enforcement of Purpose Limitation, Article Title Sensitivity, and Contractual Shortcomings

Healthline agreed to a record $1.55 million CCPA settlement after California’s Attorney General found the company unlawfully shared sensitive article titles and failed to honor consumer opt-outs or maintain compliant contracts with advertisers. California Attorney General Rob Bonta’s $1.55 million settlement with Healthline Media LLC stands as the largest enforcement action under the California Consumer …

Read more California’s Record CCPA Settlement with Healthline Highlights Enforcement of Purpose Limitation, Article Title Sensitivity, and Contractual Shortcomings

alt=""

Court-Ordered Data Retention: OpenAI’s ChatGPT Chat Log Preservation and the Privacy Dilemma

A recent federal court order demands that OpenAI preserve all ChatGPT user logs—including those users have requested to delete—for an indefinite period, in response to ongoing litigation involving The New York Times. This unprecedented mandate clashes with OpenAI’s privacy policies and user expectations, raising significant concerns about data protection rights, especially under regulations like the …

Read more Court-Ordered Data Retention: OpenAI’s ChatGPT Chat Log Preservation and the Privacy Dilemma

Navigating AI Vendor Contracts Protecting Your Data and IP Amidst AI Training Concerns

Navigating AI Vendor Contracts: Protecting Your Data and IP Amidst AI Training Concerns

As artificial intelligence (AI) rapidly integrates into a vast array of vendor offerings, from consumer-facing chatbots to enterprise knowledge management solutions, companies face a critical need to scrutinize the contractual terms governing these powerful tools meticulously, among other relevant AI legal considerations. The proliferation of AI functionality necessitates a heightened focus on how vendor agreements …

Read more Navigating AI Vendor Contracts: Protecting Your Data and IP Amidst AI Training Concerns

A Guide to Data Privacy Compliance and Consent Management Platforms

A Guide to Data Privacy Compliance and Consent Management Platforms

In an era of complex and evolving data privacy regulations like the GDPR and CCPA, businesses increasingly rely on specialized software to manage broader privacy compliance and honor user consent. Data privacy compliance management platforms offer a suite of tools to help organizations navigate these challenges, automate processes, and build trust with their customers. These …

Read more A Guide to Data Privacy Compliance and Consent Management Platforms

The General Data Protection Regulation (GDPR) - RICHT FIRM

The General Data Protection Regulation (GDPR)

On May 25, 2018, the General Data Protection Regulation (GDPR), a broad-ranging European Union regulation governing data protection and privacy, went into effect, changing the privacy regulatory framework in monumental ways. It continues to make its mark by acting as a template for new privacy laws and imposing challenging compliance requirements on organizations of all …

Read more The General Data Protection Regulation (GDPR)

The AI Risk Horizon: A Legal Perspective on Emerging Threats and Compliance

The AI Risk Horizon: A Legal Perspective on Emerging Threats and Compliance

Artificial intelligence (AI) is rapidly transforming industries and daily life, offering immense potential for innovation and efficiency. However, this powerful technology brings with it a complex web of emerging risks and AI legal compliance challenges that organizations must navigate. As AI capabilities develop at an unprecedented pace, understanding and mitigating these risks is crucial for …

Read more The AI Risk Horizon: A Legal Perspective on Emerging Threats and Compliance

Coinbase Confronts Extortion Attempt After Insider-Facilitated Data Breach

Coinbase Confronts Extortion Attempt After Insider-Facilitated Data Breach

Cryptocurrency exchange Coinbase recently revealed it was the target of an extortion scheme following a data breach orchestrated by malicious actors who recruited some of the company’s overseas contract support agents. This incident was detailed by Coinbase in a blog post titled “Protecting Our Customers & Standing Up To Extortionists.” The attackers demanded $20 million …

Read more Coinbase Confronts Extortion Attempt After Insider-Facilitated Data Breach

Privacy Policies, Terms, and Beyond A Comprehensive Guide to Your Business's Essential Online Agreements

Privacy Policies, Terms, and Beyond: A Comprehensive Guide to Your Business’s Essential Online Agreements

In today’s digitally driven economy, online agreements form the critical legal backbone for businesses of all sizes and types. These documents are not mere formalities; they define relationships, manage risks, and ensure compliance in an increasingly complex regulatory environment. While nearly every website or application requires a Privacy Policy and Terms and Conditions, the specific …

Read more Privacy Policies, Terms, and Beyond: A Comprehensive Guide to Your Business’s Essential Online Agreements

Navigating the New DOJ Rule Restrictions on Sensitive U.S. Data Transfers to Countries of Concern

Navigating the New DOJ Rule: Restrictions on Sensitive U.S. Data Transfers to “Countries of Concern”

A new Department of Justice (DOJ) rule, effective April 8, 2025, significantly restricts or prohibits U.S. companies from transferring bulk U.S. sensitive personal data and government-related data to “countries of concern” and “covered persons”. This rule, titled “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” implements …

Read more Navigating the New DOJ Rule: Restrictions on Sensitive U.S. Data Transfers to “Countries of Concern”