Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Preparing for a Government Healthcare Audit
Tackling Credit Push Fraud: Understanding Nacha's Risk Management Package (Part Two) — Payments Pros: The Payments Law Podcast
Compliance into The Weeds: The Complexity of Risk Assessments
Behavioral Health Compliance
The Importance of Assessment Areas
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
What Physicians Need to Understand About Balance Billing
What Nonprofit Board Leadership Needs To Know About Internal Investigations
Taking a Behavioral Approach to Compliance
Episode 291 -- Interview of Mary Shirley on Her New Compliance Book
ChatGPT Risks for Compliance Programs
Season 2 Episode 3 - The Role of Ethics and Compliance Programs in International Business
In the Boardroom With Resnick and Fuller - Episode 4
What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley
"Board-er" Patrol in Privacy and Cyberattacks - Unauthorized Access Podcast
Cyberattacks continue to rise, increasing the need for robust data security. Global weekly attacks rose by 7% during the first quarter of 2023, versus the same quarter last year. Each organization is estimated to face on...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels. ...more
Organizations attacked with ransomware have a bevy of decisions to make, very quickly! One of those decisions is whether to pay the ransom. Earlier this year, I had the honor of contributing to a two-part series, entitled...more
What You Should Know •The FTC has amended the Safeguards Rule for non-bank providers of financial products and services by issuing a Final Rule. •The updates are intended to enhance the security of consumer financial...more
On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing...more
New Jersey Acting AG Andrew Bruck reached a settlement with healthcare provider Diamond Institute for Infertility and Menopause, LLC (“Diamond”) to resolve allegations stemming from a 2016 data breach that compromised the...more
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
I am hardly saying that SEC Regulation S-P is the sexiest of regulations. I mean, has any customer is history actually read one of those exciting statement stuffers that discloses in some dense font a BD’s privacy policy?...more
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
With corporate data security breaches on the rise, the New York State Department of Financial Services (NYDFS) has adopted rules requiring financial institutions to take certain measures to safeguard their data and inform...more
In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”). While the revisions pare back some of the DFS Rule’s original requirements...more
Hogan Lovells partners Harriet Pearson and Greg Lisa discuss how companies should prepare so that they are compliant with the proposed cybersecurity regulation from the New York State Department of Financial Services (NYDFS),...more
We previously reported on the New York Department of Financial Services’ proposed cybersecurity regulations. During the public comment period, the DFS received over 150 comments. In response, the DFS announced on December 28,...more
On Dec. 28, 2016, the New York State Department of Financial Services (NYDFS) published a revised version of its “Cybersecurity Requirements for Financial Services Companies” (the “Regulations”). The revised Regulations...more
As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more
The New York Department of Financial Services (NYDFS) just issued major revisions to the cybersecurity regulations for financial institutions that were due to come into effect on January 1, 2017. To allow covered institutions...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
On September 13, 2016, the New York State Department of Financial Services (DFS) proposed new rules that would require certain “Covered Entities” to establish and implement cybersecurity programs designed to protect nonpublic...more
On March 16, 2016, the Office for Civil Rights (OCR) issued a press release announcing that it has settled its investigation of North Memorial Health Care System (NMHCS), located in Minnesota, for $1.55 million saying that...more
Two provisions of the Cybersecurity Act of 2015—the Federal Cybersecurity Enhancement Act and the Federal Cybersecurity Workforce Assessment Act?task the Department of Homeland Security (“DHS”) and the Office of Management...more