When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and...more
When it comes to providing Managed Detection and Response (MDR) solutions for businesses, the idea of one size fits all is being replaced by the concept of right-sizing. A one-size-fits-all option is a preconfigured security...more
Editor’s Note: On February 15, 2023, HaystackID shared an educational webcast to provide valuable insight into the ways in which AI is being used to address key issues in the realm of privacy and cybersecurity. The expert...more
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
Back in November, I wrote on this blog about Big Data being one of the challenges that is forcing technology to move more to the data sooner in the discovery process. One of the most notable fun facts that illustrate just how...more
For most retailers credit cards are the primary form in which payments are made. Accepting credit cards, however, carries significant data security risks and potential legal liability. ...more
Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a...more
For most retailers the primary source of revenue comes from credit card transactions. In order to accept credit cards, a retailer must enter into a contractual agreement with a payment processor and a merchant bank....more
We help companies prepare for, respond to, and clean up data breaches and related events. We are lawyers, but in this role, we often look over the shoulders of cybersecurity technical experts, who are advising companies on...more
In April, 2016, the Payment Card Industry Security Standards Council published a new version of the PCI Data Security Standard (PCI DSS). PCI DSS Version 3.2 is intended to emphasize the importance of validating the...more
The Federal Trade Commission (FTC) issued orders to 9 companies at the beginning of this week, seeking information on how each company conducts Payment Card Industry Data Security Standards (PCI DSS) compliance assessments....more
The Federal Trade Commission (FTC) has issued orders to obtain information about the process by which businesses audit their compliance with the Payment Card Industry Data Security Standards (PCI DSS) and the role of such...more
Legal Framework - Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws? The United States generally addresses cybersecurity...more
Increasingly, companies are raising questions about PCI-DSS and its applicability to their businesses. This Legal Alert summarizes the basic aspects of PCI-DSS and its application....more
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...more
On Friday, February 13, 2015, the Payment Cards Industry (PCI) Security Standards Council (Council) posted a bulletin to its website, becoming the first regulatory body to publicly pronounce that Secure Socket Layers (SSL)...more
Starting Jan. 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 (click-through agreement required) will replace Version 2.0. The PCI DSS is a set of requirements developed by the four major...more
Preventing the unauthorized access to and fraudulent use of credit and debit cards has been a high priority of the payment card industry for years. As the threat environment evolves, so too do the applicable data security...more