Photo of Bryan Ramirez

Bryan Ramirez

Bryan Ramirez is an associate in the firm’s San Francisco office and is a member of the Data Privacy and Cybersecurity Practice Group. He advises clients on a range of regulatory and compliance issues, including compliance with state privacy laws. Bryan also maintains an active pro bono practice.

Contact:Read more about Bryan RamirezEmail

Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.

Background

HB

Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations

On May 27, 2026, the Connecticut governor signed SB 4, an omnibus privacy law, which among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on the use of price setting devices and surveillance pricing, and creates requirements for direct-to-consumer genetic testing companies.

Continue Reading Connecticut Enacts Omnibus Privacy Law

Earlier this month, the Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Security Agency and other international partners, released guidance for organizations on adopting agentic artificial intelligence systems (i.e., systems composed of one or more agents that fundamentally rely on an AI model, such as an LLM

Continue Reading CISA Releases Guidance on the Careful Adoption of Agentic AI Services

On May 26, 2026, the Cybersecurity & Infrastructure Security Agency (“CISA”), announced a revised schedule of virtual town halls as part of its rulemaking implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  These town halls were initially scheduled for March and April 2026 but were delayed by the lapse in funding for the Department of Homeland Security that ended on April 30, 2026, and are now scheduled to begin on June 15, 2026.  The “specific topics of interest” CISA highlighted in its original announcement remain unchanged.

Continue Reading CISA Announces Revised Schedule of Town Halls for CIRCIA Rulemaking

On April 1, 2026, the Seventh Circuit in Clay v. Union Pacific Railroad Company held that an amendment to the Illinois Biometric Information Privacy Act (BIPA), limiting damages to a per-person basis, applies retroactively to cases pending when the amendment was enacted in 2024. This decision limits the potential statutory damages plaintiffs may obtain for pending BIPA cases.

Continue Reading Seventh Circuit Holds that BIPA Amendment Applies Retroactively

On February 10, 2026, federal district court Judge Jed S. Rakoff ruled from the bench in the Southern District of New York that the attorney-client privilege and the work product doctrine did not protect legal strategy materials that a criminal defendant generated using a generative AI tool, when he used

Continue Reading AI and Legal Privilege: Key Takeaways from US v. Heppner

On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.

Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI

Continue Reading NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment