Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The AI Shakeup: New Tech Innovations and the Future of Corporate Law
Principled Podcast: S11E7 | Fortifying Ethical Frameworks: Navigating Emerging Risks in the Middle East
Managing Compliance Risk for Human Trafficking and Modern Slavery
Common Scenarios Triggering False Claims Act Violations, Part 3: Claims and Investigations
Navigating Bank-Fintech Partnerships: Avoiding Common Pitfalls — The Consumer Finance Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
Revisiting Financial Institution Incentive Compensation Rules Under Dodd-Frank — The Consumer Finance Podcast
Episode 325 -- AI and Emerging Compliance Frameworks
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
As the COVID-19 pandemic appears to be entering the endemic phase, organizations are turning their attention to onsite collaboration and physical interaction among staff members, many of whom have been working remotely for...more
You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the...more
In a recent decision, the Delaware Court of Chancery noted that a plaintiff-franchisor did not take adequate protections to safeguard the confidentiality of its purported trade secrets while using a remote audiovisual...more
Following the UK Government's announcement in January 2020 that it would be moving forwards with regulation on consumer IoT device security, the Government has now published its legislative proposals and is seeking feedback...more
Social distancing, a term which few of us had heard of before this year (despite the fact that it has been used since at least the early 2000s), is stretching into its third month....more
If you are reading this during April 2020, you’re probably reading it from somewhere in your own home — and probably near the friends and loved ones with whom you’re living in close quarters during this time of remote work,...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
Fear of the coronavirus is causing many employers to permit—or in some cases mandate—employees to work remotely. While this measure is designed to minimize the risk of virus transmission, it presents an altogether different...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
UK Government set to move forwards with regulation on consumer IoT device security The UK Government has just announced that it intends to draw up legislation aimed at ensuring that all consumer smart devices sold in the UK...more
New data retention limitations and disposal requirements on some types of businesses in New York will go into effect on March 21, 2020, under the Stop Hacks and Improve Electronic Data Security (SHIELD Act) that was signed...more
From late June 2019 through mid-October 2019, a handful of states amended their data breach notification statutes. Specifically, six states amended their states to (1) require notice to the State Attorney General, (2) broaden...more
Last Thursday, Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses...more
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
Today, business is increasingly global, and with that global reach comes travel. In 2018, according to the U.S. Travel Association, business travel spending topped $327 billion, and 2019 shows no signs of slowing down. Given...more
Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to...more
We all have been trained to look at website addresses with a critical eye to make sure they have “https,” as those websites are supposed to be secure. The “s” at the end signifies to us that it is secure. The lock at the...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more
Is your “smart building” connected? Is your high-tech office, residential building or entertainment facility, with embedded sensors, wireless networks, remote monitoring devices and internet-capable security cameras, now just...more
At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive...more