DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On October 21, 2024, the Securities and Exchange Commission Division of Examinations published its examination priorities for fiscal year 2025. In this alert, we offer ten observations for broker-dealers. Our observations...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to...more
The European Commission’s adoption on 23 October 2024 of the two regulations (Regulations) supplementing the Regulation on digital operational resilience for the financial sector (DORA)...more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
This blog post focuses on how the EU’s Artificial Intelligence Act (“AI Act”) regulates generative AI, which the AI Act refers to as General-Purpose AI (“GPAI”) Models....more
The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation. With effect from 17 January 2025, a broad range of EU...more
Organisations that make international transfers of personal data have undergone significant challenges and changes over the last few years. With the invalidation of the Privacy Shield agreement in 2020 and the introduction of...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
By Becky Achten. New guidance from the Employee Benefits Security Administration (EBSA) affirms that both sides—retirement plans and welfare plans—must take steps to secure participant data from cybercrime. In 2021 the...more
In this blog post, we will focus on obligations that the European Union’s Artificial Intelligence Act (AI Act) sets for deployers, providers, importers and distributors regarding high-risk AI systems....more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
The publication by the Joint Committee of the European Supervisory Authorities (ESAs) on (a) 17 July 2024 of the second batch of implementing materials and (b) 26 July 2024 of the sub-contracting of information and...more
A recently announced settlement with online alcohol addiction treatment service Monument Inc. demonstrates the Federal Trade Commission’s (FTC) continued focus on the use and disclosure of health data. The proposed settlement...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
In an evolving (and somewhat disjointed) process, FinCEN has been providing guidance to persons and entities that are responsible for filing required beneficial ownership information (“BOI”) reports to FinCEN, as well as to...more
Amid little clarity from courts, wiretap claims targeting the use of data analytics tools are becoming increasingly common. Here are ways to stay compliant and avoid costly litigation....more
Corporate interest in AI, particularly generative AI (genAI), has surged dramatically. For many legal teams, there is pressure all the way from the C-suite to start using this new technology. However, the process of...more
Artificial intelligence (AI) tools continue to proliferate, with many aiming to automate processes and increase productivity. But customers of these tools or customers of vendors who use them must understand what’s going on...more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
The sheer proliferation of supply chain transparency and accountability regulations at international scale itself warrants a closer look at the level of scrutiny required of organizations with complex, multi-faceted, global,...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
The Proposed Rule Would Subject Certain Investment Advisers to a Broad Range of AML/CFT Obligations and Represents a Significant Development for the Sector - Regulators have long considered the lack of anti-money...more
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...more
The announcement in 2021 of the intention to implement new rules directly targeting the types of tech service provider relied on by most financial institutions may be a necessary corrective given the heavy market...more