Practical writing on governance, privacy, and risk from someone who's had to make it work.

I write about what I'm seeing in practice — what's working, what isn't, and where the gap between policy and operations actually lives. I'm not trying to cover everything. When something worth saying comes up, I say it.

If there's a topic you'd like me to dig into, reach out. I pay attention to what people are actually wrestling with.

The Federal AI Bill Isn't About Your Business - And That's the Problem
Jeremy Harris Jeremy Harris

The Federal AI Bill Isn't About Your Business - And That's the Problem

The Great American AI Act is primarily a frontier model governance bill. Title I — the bulk of the regulatory framework — targets the handful of companies that trained large AI foundation models using extraordinary compute resources. For businesses that deploy AI, two provisions apply, the state compliance patchwork is fully intact, and preemption is narrower than most coverage suggests.

Read More
Two Things I Couldn't Let Go This Week
Jeremy Harris Jeremy Harris

Two Things I Couldn't Let Go This Week

Verizon's 2026 DBIR found vulnerability exploitation just knocked stolen credentials off the top spot as the most common initial access vector. First time in 19 years. Separately, Colorado repealed and replaced its landmark AI Act before it ever took effect. Two unrelated stories, both worth your time this week.

Read More
California's CCPA enforcer said $12.75M might not be high enough
Jeremy Harris Jeremy Harris

California's CCPA enforcer said $12.75M might not be high enough

California fined General Motors $12.75 million on May 8, the largest CCPA penalty in state history. Days later, CalPrivacy's Deputy Director of Enforcement said fines "could become a cost of doing business if they're not higher." Four cases, four years, and a self-replenishing enforcement budget: here's what California has built.

Read More
HIPAA Compliance Beyond the Binder
Jeremy Harris Jeremy Harris

HIPAA Compliance Beyond the Binder

OCR is increasingly focused on whether HIPAA programs work in practice, not just on paper. This article explains the enforcement trend and why operational compliance can help healthcare businesses move faster and scale more responsibly.

Read More
AI or You? Who’s on the hook?
Jeremy Harris Jeremy Harris

AI or You? Who’s on the hook?

When an AI tool fails in a healthcare setting, everyone points at someone else — and patients and regulators don't care. Six questions every compliance, legal, and IT leader should be able to answer before going live with an AI deployment.

Read More