DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
Trade secrets have become a de facto intellectual property right for securing valuable artificial intelligence information. Despite regulatory trends toward greater transparency of AI models, federal policy acknowledges,...more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law. In the U.S.,...more
A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
The questions below are intended to help in-house counsel obtain the most important information related to technology projects so they can evaluate risks to the company’s data, intellectual property, and commercial interests,...more
The cost of a cybersecurity breach can range from hundreds of thousands of dollars for middle-market businesses to millions for larger organizations. To protect your company from evolving threats and potential cyber attacks,...more
With only four months left before most changes to the federal Standards for Safeguarding Customer Information (“Safeguards Rule”) – a component of the Gramm-Leach Bliley Act (“GLBA”) that provides for the protection of...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
The Federal Trade Commission will have its eye on privacy and data security enforcement in 2023. In August, the agency announced that it is exploring ways to crack down on lax data security practices. In the announcement,...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
The global cyber threat landscape is rapidly evolving. The number of attacks, threat vectors, and endpoints continues to grow exponentially alongside the average time to detect and respond to a security incident. Today,...more
It has been a bustling fall for the California Privacy Protection Agency (CPPA or Agency). In the spirit of the upcoming holiday season, the Agency gifted us not one but two rounds of proposed modifications to the regulations...more
Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to think of the cyber issue as relevant to digital communications and...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
In a blog post entitled “New activity from Russian actor Nobelium,” Microsoft’s V.P. of Customer Security & Trust Tom Burt discussed a recent alert issued by the Microsoft Threat Intelligence Center (MSTIC) regarding the...more
The New Jersey Attorney General’s Office announced on October 12 that Diamond Institute for Infertility and Menopause, LLC, based in Millburn, NJ, will pay a $495,000 penalty for allegedly violating HIPAA and state law by...more
The Department of Labor (DOL) recently issued new guidance on best practices for maintaining cybersecurity in connection with ERISA plans (the Guidance). The Guidance, which is intended for sponsors, fiduciaries, record...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
In light of a new DOL audit initiative and increasing cybersecurity threats to ERISA benefit plans, ERISA plan sponsors and fiduciaries should be prepared to answer some important questions: Do the cybersecurity programs of...more
PCS Revenue Control Systems, Inc. (PCS) was hit with a proposed class action lawsuit last week alleging that it discovered a data breach from a hacking attack in December 2019 but failed to notify the affected students until...more
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk. In her...more
Among many other things, 2020 has been the year of vendor security incidents and data breaches. More than ever, we have responded to incidents for clients that were caused not by the client, but by a third-party vendor....more
A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and...more