Compliance Perspectives: Compliance’s Role in Vendor Contracts
Day 17 of One Month to More Effective Compliance for Business Ventures- Corporate Controller and Business Ventures
Tech Vendors and Cybersecurity – Are They Responsible? It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you...more
It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you if its product is compromised and results in a data...more
As the BakerHostetler Digital Risk Advisory and Cybersecurity team wraps up the 2022 edition of annual Data Security Incident Response (DSIR) Report, we take one last look at the findings in the 2021 edition of the report to...more
Pennsylvania Governor Tom Wolf announced this week that the Commonwealth will not continue to do business with its contact tracing vendor following a security incident that potentially exposed the personal information of...more
With incredible speed, Virginia became the second state in the United States with a comprehensive data privacy law. Virginia’s law is called the Consumer Data Protection Act (CDPA). The CDPA is effective January 1, 2023,...more
Among many other things, 2020 has been the year of vendor security incidents and data breaches. More than ever, we have responded to incidents for clients that were caused not by the client, but by a third-party vendor....more
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats. Consider these five steps during your summer break to address the protection of...more
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
A challenging risk management project that many clients are addressing is vendor management. Ever since the Target breach, when an HVAC vendor’s employee clicked on a phishing email that allowed an intruder to compromise...more
The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses...more
Data privacy and security can feel overwhelming for a company’s executive management. Unfortunately, that overwhelming feeling can prevent constructive dialogue and action toward improving a company’s cybersecurity program....more
This summer, several automakers, including Tesla, Toyota, General Motors, Ford, and Volkswagen learned that their closely held trade secrets were readily available on the internet. The source? An unprotected back-up server....more
Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The...more
The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25th. As most organizations are aware, the GDPR applies not only to EU businesses but also many companies in the U.S. While the deadline is quickly...more
In just a few short days, on May 25, 2018, supervisory authorities in the European Union ("EU") will begin enforcement of the EU's General Data Protection Regulation ("GDPR"). The GDPR is a regulation enacted by the EU to...more
We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
Editor’s Note: Strictly speaking, this blog post isn’t really about human resources management or employment law. But it might be; the GDPR is vaguely written and it is not at all clear how it will be applied in relation to...more
Saturday January 28, 2017 is Data Privacy Day. The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints. So hoist a glass and...more
The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as...more