As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S. Department of Labor has published an update to its guidance initially issued in April 2021 on cybersecurity best practices for plan sponsors and fiduciaries.  

On April 16, attorneys general from seven states and a state agency announced that they were forming the Consortium of Privacy Regulators, a new effort to better protect consumers’ privacy.

Consumers have been trading their DNA for a personal genetic history lesson with 23andMe since 2007. The company has since become extremely popular and has collected a trove of genetic information relating to more than 14 million people. But in March 2025, 23andMe filed for Chapter 11 bankruptcy due to ongoing financial struggles and data privacy concerns after the company experienced a major data breach involving approximately 6.9 million customers and resulting in a $30 million settlement.

The Constangy Cyber Team continues to grow with the addition of three outstanding new attorneys, allowing us to quickly and effectively respond to our clients' data privacy and cybersecurity needs. Please join us in welcoming Lynda Jensen, Brett Swanson, and Steven Morris to the Constangy Cyber Team. Each brings a wealth of knowledge and experience, underscoring our commitment to providing top-tier legal counsel.

The California Invasion of Privacy Act continues to be a focal point for privacy litigation, particularly concerning website tracking practices. A recent case, Gabrielli v. Insider Inc. sheds new light on whether collecting and sharing an IP address violates the law.

With the number of data breaches increasing each year, it’s becoming more important to know what personal data you have and where you have it. On personal or even work devices, you may be surprised at how much of your data is just waiting to be taken advantage of by a bad actor.

Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13, 2024, Chile’s new Personal Data Protection Law takes effect on December 1, 2026.

Cryptocurrency exchanges continue to be a target of hackers – and theft is the prize.

In a significant move to regulate the growing impact of artificial intelligence, Oregon lawmakers recently passed Senate Bill 1571, requiring campaigns to disclose when they use AI to manipulate audio or video images, including deepfakes, to influence voters.  Although SB 1571 applies only to political campaigns, the Attorney General has issued guidance that may be helpful to businesses seeking to minimize their legal risks in connection with the use of AI.

The Constangy Cyber Team continues to grow with the addition of five outstanding new attorneys, allowing us to quickly and effectively respond to our clients' data privacy and cybersecurity needs. Please join us in welcoming Ryan Steidl, Lindsey Smith, Rob Yang, Matthew Basilotto, and Seth Greenwald to the Constangy Cyber Team. Each brings a wealth of knowledge and experience, underscoring our commitment to providing top-tier legal counsel.