Why Privacy is Your Secret Weapon Against Third-Party Risk
Due Diligence in AI: 3 things you need to survive AI scrutiny
Enhancing Compliance: The Power of Independent Monitorships in Consumer Protection — Regulatory Oversight Podcast
Investigations and Cognitive Interviews
Consumer Finance Monitor Podcast Episode: Regulators Escalate Focus on the Risks of Bank Relationships with Fintechs and Other Third Parties
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
AGG Talks: Women in Tech Law Podcast - Episode 4: Preparing for a Transaction? What Emerging Growth Companies Need to Know
Meeting the Needs of General Counsel: Beyond the Basics of Legal Advice - On Record PR
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The U.S. DOJ settled with Verkada Inc., a cloud-based building security company that sells security cameras and other physical security products, to resolve allegations that its data security and email practices violated the...more
The recent massive data breach at National Public Data (NPD), a background check company, has potentially compromised the personal information of millions, if not billions, of individuals, including their Social Security...more
A year ago, we highlighted the National Institute of Standards and Technology’s ("NIST") release of a framework designed to address AI risks (the “AI RMF”). We noted how it is abstract, like its central subject, and is...more
CYBERSECURITY HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks - The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing...more
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024. 1. AI regulations to protect data privacy. Automated decision-making tools, smart cameras, wearables,...more
A privacy breach can have detrimental consequences for startups: A privacy breach may trigger legal consequences and regulatory scrutiny, especially for a startup that operates in areas with stringent data protection laws...more
A previous installment discussed the centrality of network topology to an organization’s data security and outlined the legal framework and obligations incumbent upon many organizations in the U.S. The first installment can...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
Exciting news from the National Veterinary Law Group at Mandelbaum Barrett PC! Our latest newsletter is here, and it’s packed with valuable insights for the veterinary industry. In this issue, you’ll find informative articles...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than...more
On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant...more
Editor’s Note: In this insightful transcript from an educational webcast hosted by HaystackID on June 28, 2023, our expert panel discussed the impact of generative AI that is currently dominating the dialogue within the legal...more
Cybersecurity is a top concern for all industries, particularly for the pharmaceutical and medical device industries. These industries hold some of the most sensitive data and highly valuable technology, making them prime...more
On 18 May 2023, the Federal Trade Commission (FTC) released a policy statement announcing its intention to combat unfair and deceptive acts related to the collection and use of consumers’ biometric information. This comes in...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
If your management team and board of directors are not talking often about cyber liability and risk management, they will be soon. As a matter of both corporate and individual liability, recent enforcement makes it clear...more
The year 2022 saw a groundswell of interest in privacy rights and related legislation. Five states enacted new laws or regulations aimed at protecting a general right to privacy, while the U.S. government came closer than...more
The Gramm-Leach-Bliley Act (“GLBA”) was a bi-partisan regulation passed by Congress in 1999 in an attempt to update and modernize the financial industry. One component of the GLBA, its Safeguards Rule, requires financial...more
Government agencies at the state and federal levels are increasingly training their sights on the cybersecurity resiliency of companies in an array of industries. The US Securities and Exchange Commission has proposed rules...more
This week, in addition to the news-catching, ongoing dispute between Twitter and Elon Musk, Twitter’s former head of cybersecurity, Peiter Zatko, claimed in a whistleblower filing with several federal agencies that Twitter...more
The Federal Trade Commission has issued new guidance under which consumers or companies should be notified of data breaches “regardless of whether a breach notification law applies.” Our Consumer Protection/FTC Team analyzes...more
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action....more
Less than a month ago, a critical vulnerability was identified in the ubiquitous, open source Log4j tool prompting swift guidance from Cybersecurity and Infrastructure Security Agency (CISA) and other security practitioners. ...more