Dec. 17, 2025

A Streamlined Approach for Integrating New Requirements Into PIAs

Privacy impact assessments (PIAs) are a core function of any privacy office. They facilitate privacy by design, allow for proactive management of risk and fulfill obligations from a vast number of privacy laws around the world. As legal requirements change and new uses of data require new perspectives, the PIA will need to be honed. In this guest article, Privacy Ref senior consultant Benjamin Siegel discusses setting up the initial PIA for success and offers advice on how to add new legal requirements into the process without overcomplicating the assessments. See “Effective Use of Privacy Impact Assessments” (May 4, 2022).

Illuminate Settlements Signal Regulator Focus on Children’s Data

Illuminate Education’s recent settlements with the FTC and the AGs of three states over a data security incident show movement among state and federal enforcers to regulate the educational technology industry. The settlements include the first application of California’s and Connecticut’s student data privacy laws. This article analyzes the breach and settlement terms, noting lessons for companies and signs of future enforcement trends, with commentary from FTC experts at the Entertainment Software Ratings Board, Sheppard Mullin and Wilson Sonsini. See our three-part series “Children’s Privacy Grows Up”: Examining New Laws That Now Protect Older Teens (Jan. 15, 2025), FTC Amends COPPA Rule and Targets Data Sharing (Jan. 29, 2025), and Seven Compliance Areas for Protecting Teens (Feb. 12, 2025).

Pervasive Flaws in PE Sponsors’ Cybersecurity Oversight of Portfolio Companies

As they navigate a fast-developing threat landscape, private equity (PE) sponsors must be strategic and consistent in how they oversee cybersecurity at their funds’ portfolio companies. Sponsors need to gain insight into the risks posed by a potential cybersecurity attack on those companies, and be equipped to address any gaps in security programs – either as to a specific company or across their entire portfolio. In an ACA Aponix program, managing director Greg Slayton, senior principal consultant Isaac Niedrauer and director Matt Grist summarized data collected through ACA’s analytical tools, and drew conclusions about PE sponsors’ cybersecurity budgets, staffing, practices and priorities. This article distills their insights. See “A Checklist to Help Fund Managers Assess Their Cybersecurity Programs” (Jul. 27, 2022).