Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The AI Shakeup: New Tech Innovations and the Future of Corporate Law
Principled Podcast: S11E7 | Fortifying Ethical Frameworks: Navigating Emerging Risks in the Middle East
Managing Compliance Risk for Human Trafficking and Modern Slavery
Common Scenarios Triggering False Claims Act Violations, Part 3: Claims and Investigations
Navigating Bank-Fintech Partnerships: Avoiding Common Pitfalls — The Consumer Finance Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
Revisiting Financial Institution Incentive Compensation Rules Under Dodd-Frank — The Consumer Finance Podcast
Episode 325 -- AI and Emerging Compliance Frameworks
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
The Securities and Exchange Commission (“SEC”) adopted new rules requiring the disclosure of cybersecurity risk management, strategy, governance and material incidents (the “Rules”), effective September 5, 2023. The Rules...more
For the second year in a row, the manufacturing industry has fallen victim to more cyberattacks than any other major business sector. Indeed, according to IBM Security’s X-Force Threat Intelligence Index, nearly 25 percent...more
After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”). The Final Rules make meaningful changes to the current and...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules...more
Complementing the patchwork of state data breach notification laws, a number of federal agencies recently have promulgated sector-specific reporting rules affecting a variety of companies, both directly and indirectly, with...more
On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing...more
The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws....more
On May 12. 2021, President Biden signed an Executive Order aimed at improving the Nation’s Cybersecurity by curtailing data breaches and malicious cyber campaigns. The Order comes in response to a number of recent...more
Selected Developments in U.S. Law - Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services As the Biden Administration begins detailing its regulatory and...more
The charitable organization sector faces many compliance challenges, including: - unique tax exemption issues - fundraising registration and related issues - privacy and data security - complex reporting...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
The FDIC and OCC have issued new guidance for banks on heightened cybersecurity risks facing the financial services industry because of increased geopolitical tensions and threats of aggression. The guidance published on...more
The General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and...more
With the growing threat of cyberattacks, we thought it would be worthwhile to discuss a late 2016 change in reporting requirements for federal agencies that have suffered a data breach. The Office of Management and Budget’s...more
The Irish Data Protection Commissioner (DPC) has issued a 12-step checklist of actions companies can take now to better prepare for compliance with the General Data Protection Regulation (GDPR), the new EU privacy regulation...more
As with the world economy, the shipping markets are currently experiencing a major bout of volatility. The wide range of matters we are handling in our maritime law practice certainly reflects the current swings the shipping...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more