Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Preparing for a Government Healthcare Audit
Tackling Credit Push Fraud: Understanding Nacha's Risk Management Package (Part Two) — Payments Pros: The Payments Law Podcast
Compliance into The Weeds: The Complexity of Risk Assessments
Behavioral Health Compliance
The Importance of Assessment Areas
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
What Physicians Need to Understand About Balance Billing
What Nonprofit Board Leadership Needs To Know About Internal Investigations
Taking a Behavioral Approach to Compliance
Episode 291 -- Interview of Mary Shirley on Her New Compliance Book
ChatGPT Risks for Compliance Programs
Season 2 Episode 3 - The Role of Ethics and Compliance Programs in International Business
In the Boardroom With Resnick and Fuller - Episode 4
What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley
"Board-er" Patrol in Privacy and Cyberattacks - Unauthorized Access Podcast
With under six months to go until the European Union Digital Operational Resilience Act (DORA) becomes applicable on 17 January 2025, DORA implementation projects are running full steam ahead. DORA lays down uniform...more
Every week, the Array team reviews the latest news and analysis about the evolving field of eDiscovery to bring you the topics and trends you need to know. This week’s post covers the week of July 8-14. Here’s what’s...more
On June 24, 2024, the Commerce Department published a Final Determination under its Information and Communications Technology and Services (ICTS) authorities. The determination prohibits the Russian-controlled cybersecurity...more
Our Privacy, Cyber & Data Strategy Team highlights 11 common questions your company’s senior executives may have about the European Union’s Artificial Intelligence Act and how you can answer them....more
Cybersecurity success depends on more than just technology. As we’ve seen in part one and part two of this series on cybersecurity risk, the costs of a cyber attack are high – and bad actors always look for the easiest entry...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
I’m not a cyber expert, but as a compliance professional with accountability for internal investigations of employee and third-party misconduct I’ve had a front row seat to the evolution of risk that has mirrored the mass...more
From financial uncertainties to cybersecurity threats, regulatory changes, and everything in between, just how imperative is Enterprise Risk Management (ERM) technology in today’s business environment? According to a...more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
How to define and categorize EUC risks based on organizational impact - Any application supporting a critical process that is developed or managed by end users rather than an IT department or professional software...more
A coalition of fifty AGs settled with payment processor ACI Payments, Inc. and its parent company (collectively, ACI) to resolve allegations that ACI violated state consumer protection laws and regulations when a testing...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
In any merger or acquisition, the due diligence stage is one of the most critical steps. It allows the acquiring company to identify dealbreakers, assess risks, make informed decisions, negotiate effectively, ensure...more
Generative artificial intelligence (AI) is computer software that can create new content or data by tracking patterns from existing data. AI is dominating public discourse: across all media, all industries, and all segments...more
Cyberattacks continue to rise, increasing the need for robust data security. Global weekly attacks rose by 7% during the first quarter of 2023, versus the same quarter last year. Each organization is estimated to face on...more
Like it or not, the remote workforce is here to stay. Statistics show that employees say they are more productive working from home, and even before the global pandemic, there had been a 44% growth in the remote workforce...more
This blog will tell you about some of the basics companies should know when faced with a licensing compliance audit. 1. Here is their audit clause 21.5 Compliance - Autodesk has the right to verify the installation of,...more
“Geographic Information System” (GIS) describes any computer system that incorporates data related to location. GIS can present several different data points in a single map, which allows users to view and analyze trends and...more
The latest analysis of “smarter contracts” provides helpful guidance on the opportunities and potential legal and practical risks in adopting these technologies. LawtechUK’s latest analysis of so-called smarter contracts...more
In most merger and acquisition (M&A) transactions, the pace of the transaction, focus on the operational and financial performance of the target, and the competition created by multiple potential buyers make it a challenge to...more
Find out why developing a risk-informed testing strategy early in the project life cycle of an ETRM implementation project improves delivered solution quality without ballooning costs....more
On 12 March 2021, the "Code for Children's Rights" ("Code voor Kinderrechten") was launched in the Netherlands. The Code was developed by the University of Leiden and the Waag organisation commissioned by the Dutch...more
A wide variety of business and consumer platforms host mutually beneficial ecosystems. But these ecosystems are also fraught with antitrust risk that arises when platforms try to terminate or modify the terms of third-party...more
The EU Medical Device Regulation goes into application on 26 May 2020, with the In Vitro Diagnostic Medical Device Regulation set to follow on 26 May 2022. These new Regulations bring sweeping changes to the market clearance...more