DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
To increase enrollments and lower operating costs, many colleges and universities oftentimes partner with outside companies to provide portions of their academic programs online or on-campus. Serious legal risks may arise...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
The Consumer Financial Protection Bureau's Compliance Bulletin and Policy Guidance; 2016-02, Service Providers addresses the CFPB's expectation that companies oversee their business relationships with service providers in a...more
January 1, 2020, opens both a new decade and a new landscape in privacy regulation in the United States. On that day, the California Consumer Privacy Act, or CCPA, is set to become effective. The law will be the first of its...more
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
The Health Information Technology for Economic and Clinical Health Act ("HITECH Act") established financial incentives under Medicare and Medicaid for eligible health care providers that adopt, implement, and demonstrate use...more
There is little doubt that automated third party due diligence systems are in the future for many companies. An automated approach to third party due diligence is a critical risk mitigation tool to help employers avoid...more
How to make the case for implementing third party compliance training in your organization. A recent article in the San Francisco Chronicle profiled Jay Jorgensen, the new Global Chief of Compliance at Walmart. The...more