Some technology articles age well. Here’s one on the HIPAA Security Rule: https://www.stoelprivacyblog.com/2025/01/articles/hipaa/a-deeper-dive-into-the-proposed-modifications-to-the-hipaa-security-rule/. The proposed modifications to the HIPAA Security Rule, published in the Federal Register on January 6, 2025, are still not in final form. The final action is expected next month. Once in final form, I will publish another article. As the
John Pavolotsky
John Pavolotsky focuses his practice on data privacy, security matters, and complex technology transactions. On privacy and security matters, John advises a broad range of clients on general compliance, use of new(er) technologies such as artificial intelligence (AI), data incidents, and breach response. On technology transactions matters, John assists clients with technology licensing, collaboration and joint development agreements, and cloud (XaaS) services agreements, among others. In addition, John advises clients in privacy, cybersecurity, and intellectual property matters in mergers and acquisitions (M&A) transactions.
Back to the Future: Cybersecurity Audits
With the RSA Cybersecurity Conference right around the corner from our office in San Francisco, it seems only fitting that the March article focuses on cybersecurity. Long gone are the halcyon days of 1991, when the RSA Conference first started. In the fast-moving world of cybersecurity, 2011, or even 2021, feels antiquated. Hackers seem to…
Securing and Contracting Agentic AI
Agentic AI refers to AI systems that can independently plan, decide, and act toward a goal across multiple steps, often invoking tools, APIs, or other systems without continuous human prompting. Unlike traditional generative AI—which produces content in response to a user prompt—agentic AI systems execute workflows, make decisions based on context, and adapt their behavior…
California AI and Privacy Legislation Update – January 2026
The new year is off to a quick start. February looms. Businesses are beginning to settle into 2026, and some trends (or at least outlines of such) are beginning to emerge. Businesses are digesting the AI and privacy bills that were signed into law last fall. California Invasion of Privacy Act (CIPA) litigation shows no…
Mid-Summer Update on AI, Privacy, and Cybersecurity Developments
In the world of AI, a month is an eternity. In my last article (https://www.stoelprivacyblog.com/2025/06/articles/ai/ai-legislative-developments-early-days-or-tipping-point/), just over a month ago, I wrote about the much-discussed proposed 10-year moratorium on the enforcement of state AI laws. Ultimately, the Senate voted against it, and the House passed the Senate version of the tax and spending…
AI Legislative Developments: Early Days or Tipping Point?
If tracking AI legislation is giving you whiplash, you’re not the only one.
In February, I wrote about the 24-Hour AI News Cycle: https://www.stoelprivacyblog.com/2025/02/articles/ai/the-24-hour-ai-news-cycle-keeping-up-with-legal-and-regulatory-developments/. February is ancient history, and the AI news cycle has become even further compressed since then.
Now, at the end of June, we stand at a crossroads. H.R. 1 (“One…
Utah Implements First-in-the-Nation Law Requiring Age Verification for App Store Access
On May 7, 2025, Utah became the first U.S. state to enact a law requiring app store providers and developers to verify users’ ages and obtain verifiable parental consent for minors to download apps or make in-app purchases. Senate Bill 142, the App Store Accountability Act (the “Act”), sets forth specific compliance obligations for both…
AI Contracting: The Next Frontier
In the beginning of March, I gave a presentation on AI legal developments. One of the attendees astutely pointed out that the current legal framework seems to focus on B2C use cases. I agreed. The focus is consumer protection. About 10 days later, I spoke at an AI contracting livestreaming event. Preparing for it gave…
The 24-Hour AI News Cycle: Keeping Up with Legal and Regulatory Developments
AI is evolving at a breakneck pace, making it increasingly difficult for businesses and legal professionals to track critical developments. Whether you’re an AI model developer, deployer, investor, or infrastructure provider, staying informed on AI’s risks and benefits requires a strategic approach. This article explores key AI regulatory trends and offers a framework for organizations…
Navigating Data Broker Privacy Compliance: Top 5 Considerations
- Broad Definition of Data Brokers – Many businesses may unknowingly qualify as data brokers under laws
A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule
In our earlier post, we wrote:
“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265 incidents had been reported. On December 27, 2024, the Office of Civil Rights at HHS issued…