As we kick off a new year, may we at Taft be the first to wish you a happy Data Privacy Day! Yes, it is a thing. In the spirit of the Day, we thought of sharing ten things you may or may not know about privacy and maybe ways you can protect it better. Continue Reading Privacy: Ten Things to Know
Enforcement activity surged in 2025, with landmark judgments and settlements—some reaching eight and nine figures—targeting issues such as ad tracking, analytics, wiretapping, text messaging, data subject rights, and sensitive data collection. This aggressive trend shows no signs of slowing as we move into 2026.
Taft continues to help its clients find the correct answers in their context for addressing these risks. Building on our year-end post, here are some issues you may want to consider as you take on the new year.Continue Reading Your 2026 Privacy, Security, and Artificial Intelligence Checklist
Special thanks to Taft Summer Associate Richard Roediger for his significant contributions to this post.
On May 20, 2025 Ohio Rep. Adam Mathews (District 56) and Ohio Rep. Haraz N. Ghanbari (District 75) introduced Ohio House Bill 283 (the Act), legislation that requires political subdivisions within the state to enact cybersecurity programs. In Ohio, a “political subdivision” is a county, township, municipal corporation, or other body corporate and politic responsible for governmental activities in a geographic area smaller than the whole state.
The Act’s language was incorporated in its entirety into Ohio’s state budget bill passed on June 30, 2025.Continue Reading Ohio Budget Bill Requires Counties, Townships, and Cities to Enact Cybersecurity Program by September 29
Last week, I had the privilege to attend one of the Midwest’s largest artificial intelligence conferences dedicated to AI developers, users, and enthusiasts: Cincy AI Week. During the three-day event, which brought together over 950 local professionals, I spoke on a panel entitled “Managing Risk in the Age of AI and Automation.”
Here are six important observations I shared during that panel:Continue Reading Cybersecurity in the Era of Generative and Agentic AI: Six Observations
On April 11, 2025, North Dakota Governor Kelly Armstrong signed HB 1127 (the Act) into law.
The Act, which takes effect on August 1, 2025, establishes new data security requirements for certain financial institutions and nonbanking financial service providers. In addition, the Act amends multiple sections related to financial institution licensing and oversight.Continue Reading North Dakota Governor Signs Cybersecurity Governance Law for Financial Institutions
The Google Threat Intelligence Group revealed a chilling reality: nation-states are weaponizing AI tools like Gemini for sophisticated cyberattacks. This new frontier of AI-powered fraud demands immediate attention from business leaders and general counsel, who stand at the confluence of technology, data security, and governance.
Recent Incidents and the Evolving Sophistication of These Attacks
Generative AI, like the tools used by these cybercriminals, can create highly convincing text, images, voice recordings, and even video interactions that are nearly impossible to distinguish from genuine content. In the report Adversarial Misuse of Generative AI, the Google Threat Intelligence Group explains how more than 20 countries have used Google’s generative AI tool named Gemini for nefarious purposes, including cyber espionage, destructive computer network attacks, and attempts to influence online audiences in a deceptive, coordinated manner.Continue Reading AI-Powered Fraud: Immediate Action Steps to Protect Companies from Next-Generation Payment Scams
With Cyber Monday 2024 in the rear-view mirror, we are looking at one of the hot topics in data-privacy and cybersecurity litigation: the Video Privacy Protection Act.
Recent years have seen an uptick in lawsuits asserting violations of the VPPA by companies that host video content on websites or mobile apps and then share information about the individuals who watched those videos with other businesses.
While the companies have experienced some success in getting VPPA claims dismissed, the Second Circuit recently reinstated a putative class action asserting VPPA violations against the NBA that may breathe new life into VPPA claims. Salazar v. National Basketball Association, No. 23-1147 (2d Cir. Oct. 15, 2024). But is the worry about VPPA class actions overblown?Continue Reading Video Privacy Protection Act Claims – Maybe Not a Slam Dunk After All
Hard to believe, but 2025 will be here before you know it. And what goes best with a new year? A countdown list!
Last week, I spoke at the Dayton Bar Association’s Corporate Counsel Section on the topic of the Top 10 legal technology issues that in-house counsel should have on its radar for 2025. Continue Reading Top 10 Technology Issues to Watch for in 2025
On January 27, 2025, the Federal Communications Commission’s (FCC) new one-to-one consent requirement will go into effect. For background, the FCC published its final rule targeting and eliminating unlawful text messages under the Telephone Consumer Protection Act (TCPA) on January 26, 2024 (the Final Rule). Among other requirements and purposes, this Final Rule sought to close the “lead generator loophole.” Continue Reading FCC’s 1-to-1 Consent Requirement for Marketing Text Messages
Special thanks to Taft summer associate Tanner Wilburn for his significant contributions to this post.
On July 12, 2024, the European Union’s Artificial Intelligence Act (AI Act) was published in the EU Official Journal.
This comprehensive legislation establishes the first risk-based regulatory framework for AI systems, with far-reaching implications for businesses using AI. The AI Act is effective August 2, 2024, with the enforcement of the majority of its provisions commencing on August 2, 2026.
Continue Reading The EU AI Act – What Businesses Need to Know