Bryan Ramirez

Bryan Ramirez is an associate in the firm’s San Francisco office and is a member of the Data Privacy and Cybersecurity Practice Group. He advises clients on a range of regulatory and compliance issues, including compliance with state privacy laws. Bryan also maintains an active pro bono practice.

Contact:

AI and Legal Privilege: Key Takeaways from US v. Heppner

By Micaela McMurrough, Matthew Harden & Bryan Ramirez on March 8, 2026

Posted in Artificial Intelligence (AI)

On February 10, 2026, federal district court Judge Jed S. Rakoff ruled from the bench in the Southern District of New York that the attorney-client privilege and the work product doctrine did not protect legal strategy materials that a criminal defendant generated using a generative AI tool, when he used a public version of the tool and was not instructed by his attorney to generate these materials. On February 17, 2026, the court issued a written memorandum explaining its reasoning.

The question presented – an issue of first impression – was: “whether when a user communicates with a publicly available AI platform in connection with a pending criminal investigation, are the communications protected by attorney-client privilege or the work product doctrine?” The court’s answer was no given the unique circumstances of the case – namely, that no lawyer was involved in the back-and-forth with the AI tool, and the tool itself was a public (i.e., non-confidential) version.

Below, we summarize the background of the case, the decision, and key takeaways on AI and Legal Privilege.Continue Reading AI and Legal Privilege: Key Takeaways from US v. Heppner

New Jersey Enacts Amendment to its Comprehensive Privacy Law

By Libbie Canter, Lindsey Tonsager, Ariel Dukes, Bryan Ramirez & Clare Mathias on February 6, 2026

Posted in Privacy

On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law

NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

By Caleb Skeath, Micaela McMurrough, Alexandra Bruer & Bryan Ramirez on January 6, 2026

Posted in Artificial Intelligence (AI), Cybersecurity, Uncategorized

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”). According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.” The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI. This draft guidance will likely be familiar to organizations that already leverage the CSF 2.0 in their cybersecurity programs and might be complimentary to existing frameworks that organizations already have in place. Even so, the outcomes are designed to be flexible such that a range of organizations (with mature or novel programs) can leverage the guidance to help manage AI-related cybersecurity risk. Continue Reading NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

End-of-Year 2025 State and Federal Developments in Minors’ Privacy

By Lindsey Tonsager, Jenna Zhang, Natalie Maas, Bryan Ramirez & Irene Kim on December 15, 2025

Posted in Privacy

Since our mid-year recap on minors’ privacy legislation, several significant developments have emerged in the latter half of 2025. We recap the notable developments below.Continue Reading End-of-Year 2025 State and Federal Developments in Minors’ Privacy

California Finalizes Updates to Existing CCPA Regulations

By Lindsey Tonsager & Bryan Ramirez on November 5, 2025

Posted in Privacy

On September 23, 2025, the California Privacy Protection Agency announced that the state’s Office of Administrative Law approved regulations that update existing California Consumer Privacy Act (“CCPA”) regulations and introduce new regulations covering cybersecurity audits, risk assessments, and automated decision-making technology. The updates to the existing regulations—which take effect on January 1, 2026—expand business obligations under the CCPA and give consumers more control over their personal information. This blog post highlights key updates to the existing regulations. Continue Reading California Finalizes Updates to Existing CCPA Regulations

California Enacts New Privacy Laws

By Lindsey Tonsager, Libbie Canter, Jayne Ponder, Jenna Zhang, Ariel Dukes & Bryan Ramirez on October 21, 2025

Posted in Privacy

Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes the statutes’ key takeaways.Continue Reading California Enacts New Privacy Laws

Navigating California’s New and Emerging AI Employment Regulations

By Lindsey Tonsager, Carolyn Rashby, Michelle York & Bryan Ramirez on October 2, 2025

Posted in Artificial Intelligence (AI), Employment Law, Uncategorized

The California Civil Rights Council and the California Privacy Protection Agency have recently passed regulations that impose requirements on employers who use “automated-decision systems” or “automated decisionmaking technology,” respectively, in employment decisions or certain HR processes. On the legislative side, the California Legislature passed SB 7, which would impose additional obligations on employers who use these technologies; the bill is currently on the Governor’s desk. And, the Governor has signed SB 53, which provides certain employee whistleblower rights with respect to AI safety. Below, we discuss some of the key requirements in the new regulations and legislation.Continue Reading Navigating California’s New and Emerging AI Employment Regulations

Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act

By Lindsey Tonsager, Libbie Canter, Jayne Ponder & Bryan Ramirez on September 12, 2025

Posted in Privacy

On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA). The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026. We previously summarized some of requirements in the OCPA here. This blog summarizes notable takeaways from the enforcement report.Continue Reading Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act

California Attorney General Announces $1.55M CCPA Settlement with Healthline.com

By Lindsey Tonsager, Olivia Vega, Natalie Maas & Bryan Ramirez on July 30, 2025

Posted in Consumer, Privacy

On July 1, 2025, California Attorney General Bonta announced a $1.55 million settlement, pending court approval, related to allegations that Healthline.com, a website where consumers can read informational articles about medical and health topics, violated the California Consumer Privacy Act (“CCPA”) and the California Unfair Competition Law.Continue Reading California Attorney General Announces $1.55M CCPA Settlement with Healthline.com