FTC Cracks down on Kids’ Online Privacy Issues
January 27, 2026
A closer look at what the agency is prioritizing as new rules kick in and enforcement heats up This piece draws from remarks by FTC
Category: Governance Risk And Compliance
Governance, Risk, and Compliance (GRC) is a holistic framework that integrates three critical elements for organizational success.
• Governance establishes the foundation for effective decision-making and ensures that organizational activities align with its strategic objectives. It encompasses a robust system of internal controls, clear lines of authority and accountability, and ethical guidelines that guide employee behavior.
• Risk Management involves identifying, assessing, and mitigating potential threats to the organization. This includes a comprehensive evaluation of various risks, such as financial, operational, reputational, legal, and technological risks. By proactively identifying and addressing these risks, organizations can minimize potential losses, protect their assets, and ensure business continuity.
• Compliance ensures adherence to all applicable laws, regulations, and industry standards. This includes complying with data privacy regulations (e.g., GDPR, CCPA), financial reporting standards, environmental regulations, and industry-specific guidelines.
Captain Compliance provides valuable resources and expertise to help organizations understand GRC. Read the free educational material below about GRC from the compliance superheroes at Captain Compliance.
Beyond HIPAA: EPIC’s Blueprint for Confronting the Health Data Privacy Crisis
January 24, 2026
A deep dive into the Electronic Privacy Information Center’s landmark report on reimagining health data protections for equity and trust This analysis draws on the
Your Data Inventory Is Already Wrong
January 24, 2026
Let me tell you about Sarah, a privacy manager at a mid-sized fintech company. When I met her last year, she was three months into
Turning Privacy Into Protection: How Opt-Inspire Is Helping Seniors Outsmart Digital Scams
January 18, 2026
As artificial intelligence reshapes the internet, it is also reshaping fraud. Voice cloning, synthetic images, and increasingly convincing impersonation schemes have made online deception harder
The NYHIPA Veto: How Governor Hochul Chose Data Brokers Over 20 Million New Yorkers’ Health Privacy
January 15, 2026
Governor Kathy Hochul vetoed the New York Health Information Privacy Act after it passed the state legislature with overwhelming support—49-10 in the Senate, 16-3 in
China’s 2026 Draft App Privacy Regulations: CAC’s New Rules for Personal Information Collection and Use
January 13, 2026
China’s Cyberspace Administration of China (CAC) published a major new draft regulation on January 10, 2026, targeting how internet applications collect and use personal information.
Kentucky Attorney General Files First Enforcement Action Under New Consumer Data Privacy Law
January 13, 2026
Well that didn’t take very long with the new law passed on January 1st. Kentucky’s Attorney General has taken a landmark step in state privacy
Why Some Health Data Deserves Extra Protection
January 12, 2026
In conversations among privacy professionals, regulators, and healthcare technologists, one theme is becoming clearer: not all health data is created equal. While all health information
Bursor & Fisher’s Data Privacy Class Actions
January 8, 2026
Data privacy litigation is no longer a niche corner of consumer law. It is a repeatable, scalable class-action engine driven by a handful of statutes,
HIPAA Notice of Privacy Practices and NPP Template
January 7, 2026
In the complex landscape of healthcare privacy law, few documents carry as much practical and legal significance as the Notice of Privacy Practices (NPP). For
