Why Privacy is Your Secret Weapon Against Third-Party Risk
Due Diligence in AI: 3 things you need to survive AI scrutiny
Enhancing Compliance: The Power of Independent Monitorships in Consumer Protection — Regulatory Oversight Podcast
Investigations and Cognitive Interviews
Consumer Finance Monitor Podcast Episode: Regulators Escalate Focus on the Risks of Bank Relationships with Fintechs and Other Third Parties
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
AGG Talks: Women in Tech Law Podcast - Episode 4: Preparing for a Transaction? What Emerging Growth Companies Need to Know
Meeting the Needs of General Counsel: Beyond the Basics of Legal Advice - On Record PR
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
As Artificial Intelligence (AI) continues to evolve and integrates into business processes, the Office of the Privacy Commissioner for Personal Data (PCPD) released its Artificial Intelligence: Model Personal Data Protection...more
On February 28, 2024, President Biden issued a new Executive Order in order to better secure the private data of U.S. citizens from being exploited by foreign adversaries of the United States. By issuing his Executive Order...more
As employment-related artificial intelligence (“AI”) tools proliferate, multinational employers feel increasing pressure to deploy AI across their global offices. These tools can provide great value and efficiency across the...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...more
On August 30, 2022, the Hong Kong Privacy Commissioner for Personal Data (the “PCPD”) released a guidance note (the “Guidance Note”) on data security measures for information and communications technology to provide...more
WHAT YOU NEED TO KNOW IN A MINUTE OR LESS - The collection and storage of sensitive data can not only invite the attention of government agencies, but also that of putative class action plaintiffs. Government inquiries,...more
Gain critical strategies for managing reviews in the new Team Telecom environment. The American Conference Institute’s 2nd National Team Telecom Conference will take place in Washington D.C. on April 25, 2022, one day...more
Facial recognition technology, drones the size of a butterfly, secure microchips replacing magnetic stripes on credit cards, sensors the size of a grain of sand swallowed by patients that transmit data directly to the...more
China recently enacted its Personal Information Privacy Law (PIPL), which came into effect November 1, 2021. PIPL has global reach and broadly regulates entities of all industries that process the personal data of Chinese...more
Learning Objectives: - What is a PIA and a DPIA? - Who should instigate assessments? - How and when to use assessments? - The relationship between assessments and privacy by design, and legal grounds for processing...more
This week, the Department of Homeland Security’s inspector general said in an oversight report that U.S. Customs and Border Protection (CBP) officials have failed to use adequate cybersecurity measures and safeguards to...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
It is no overstatement to say that 2019 saw a torrid pace of development of Asia-Pacific region data protection and cybersecurity laws. Such was the rate and complexity of change that it is not straightforward to distil...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
To stay ahead of the new privacy and data security requirements, such as CCPA and recent data security state laws, insurers need to take steps now to navigate the increasingly complex regulatory landscape. This article...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
Over the last few years, data privacy has been brought in to the public focus more than ever before. What information is being collected about you, how is it being used, and who has the ability to access it. ...more
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
The National Institute of Standards and Technology (NIST) released its first privacy framework tool (the “Privacy Framework”) on January 16, 2020. In the Executive Summary...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
FBI Warns of Retaliatory Cyber-Attack from Iran - The Federal Bureau of Investigation (FBI) is warning of a heightened likelihood of Iranian cyber-attacks following the escalation of tension between the U.S. and Iran. This...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
Under Russian Data Protection Law, when collecting personal data, data operators (controllers) must ensure that recording, systematization, accumulation, storage, updating and extraction of personal data relating to Russian...more