We recently drafted an article that discussed court decisions that reached very different conclusions about how the attorney-client privilege and work product doctrine apply to materials submitted to and created by generative AI (GenAI) tools. A recent decision from the U.S. District Court for the Southern District of New York, United States v. Heppner, underscores
Data Protection Report
Data protection legal insight at the speed of technology
Blog Authors
Latest from Data Protection Report
Celebrating Global Information Governance Day: Why information governance matters more than ever
Happy Global Information Governance Day!! Today we celebrate information governance and raise awareness of how to manage data, balance risks and build a culture focused on good data hygiene.
Working with large and small companies around the world, we have observed that all organizations are managing more and more data. This data growth is exponential,…
Privacy Day 2026: Why trust is the new competitive advantage
Every year, Privacy Day gives organizations a moment to pause and reflect on how rapidly the data landscape is shifting, but 2026 feels different. The conversation has moved beyond compliance checklists and breach headlines. Privacy is moving beyond legal, shaping customer expectations, regulatory strategy, and even the pace of innovation. Today, even business teams are…
Agentic AI: the ICO’s early thoughts on the data protection implications
The ICO has kicked off 2026 with sharing its early thoughts on the data protection implications of agentic AI in its ICO tech futures: Agentic AI report. The report considers the novel data protection risks presented by agentic AI. It also considers how adoption could impact the risks and the effect that will have…
Happy e-Discovery Day
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point formally recognizing electronically stored information (ESI) as a central component of modern legal discovery.
As…
Update: CISA 2015 is reauthorized until January 2026
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been temporarily reauthorized as part of the broader legislation passed on November 12, 2025, to reopen the federal government. Under the appropriation legislation, CISA 2015 is now reauthorized until January 30, 2026.
As previously discussed in details on this blog, CISA 2015 expired at…
Changes to EU and UK data protection law – a tale of two GDPRs?
The EU Commission recently held a call for evidence on “simplification” of legislation in the data, cybersecurity, and AI space, ahead of a “Digital Omnibus” Act. These changes look to make the EU’s digital rulebook more innovation-friendly, supporting the Commission’s Competitiveness Compass.
The Commission is due to present its simplification proposals on 19 November. Ahead…
NYDFS releases guidance on third-party service provider risks
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not offering financial services, given NYDFS’ comment that the guidance is intended to “recommend industry best…
Happy Cyber Awareness Month
Happy October and Cyber Awareness Month! While October ends with ghosts and goblins and other scary monsters for Halloween, the entire month of October is dedicated to raising awareness of cyber security and preventing (and if necessary responding to) cyber security incidents.
It is hard in this day and age not to be aware of…
Italy’s Law No. 132/2025 on Artificial Intelligence
On September 23, 2025, Italy adopted Law no. 132/2025 on Artificial Intelligence (AI). The law will enter into force on 10 October 2025 and aims, inter alia, to complement the Regulation EU 2024/1689 (EU AI Act).