Compliance Perspectives: Compliance’s Role in Vendor Contracts
Day 17 of One Month to More Effective Compliance for Business Ventures- Corporate Controller and Business Ventures
On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data...more
Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of...more
A decision of the High Court of the United Kingdom earlier this year is an important reminder that the limitation of liability clause remains a crucial piece of any high value or complex contractual arrangement. The...more
On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) adopted final rules relating to enhanced cybersecurity disclosures, which became effective on September 5, 2023 (the “Final Rules”). Beginning in December...more
Cooley’s AI Talks series highlights multidisciplinary perspectives on artificial intelligence and showcases the firm’s subject matter knowledge on the intricacies – and complexities – of large language models, machine...more
For employers, complying with the California Consumer Privacy Act (CCPA) can be quite burdensome. So if you can identify a simple way to reduce your obligations under this law, you should typically jump at the opportunity....more
Tech Vendors and Cybersecurity – Are They Responsible? It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you...more
It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you if its product is compromised and results in a data...more
CEP Magazine – April 2022 - As the entire industry is facing the shift to a more formalized reporting system for environmental, social, and governance (ESG) programs, the most important components of the programs can no...more
As the BakerHostetler Digital Risk Advisory and Cybersecurity team wraps up the 2022 edition of annual Data Security Incident Response (DSIR) Report, we take one last look at the findings in the 2021 edition of the report to...more
“The history of the ADA did not begin on July 26, 1990, at the signing ceremony at the White House. It did not begin in 1988 when the first ADA was introduced in Congress. The ADA story began a long time ago in cities and...more
Customers engaging a software as a service (SaaS) vendor often end up using the vendor’s form agreement, which can range from being extremely vendor friendly to middle of the road. Regardless of where it falls on the...more
Pennsylvania Governor Tom Wolf announced this week that the Commonwealth will not continue to do business with its contact tracing vendor following a security incident that potentially exposed the personal information of...more
With incredible speed, Virginia became the second state in the United States with a comprehensive data privacy law. Virginia’s law is called the Consumer Data Protection Act (CDPA). The CDPA is effective January 1, 2023,...more
Among many other things, 2020 has been the year of vendor security incidents and data breaches. More than ever, we have responded to incidents for clients that were caused not by the client, but by a third-party vendor....more
In July 2020, the Pennsylvania Supreme Court agreed to tackle the thorny question of whether Amazon can be held liable for defective products sold by third parties on its website. The Third Circuit offered up the case in June...more
Last week the Third Circuit made its most recent move in the Oberdorf v. Amazon case: asking the Pennsylvania Supreme Court whether an e-commerce business – such as Amazon – is strictly liable for a defective product that was...more
COVID-19 spurred an overnight surge in demand for work-from-home vendors. These include companies offering audio and videoconferencing services, cloud services, e-commerce platforms, and virtual desktop infrastructure, to...more
In cloud services, whether it is infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), service availability is often a significant customer concern because the customer is relying...more
In light of the threats posed by natural disasters, pandemics and civil disorder, among other events, businesses of all types must formulate responses to address significant business disruptions (“SBDs”) and the safety of...more
Editor’s Note: The average cost of a Telephone Consumer Protection Act (TCPA) settlement is estimated at $6.6 million—and healthcare is among the top three industries being targeted for TCPA litigation. Though its sponsors in...more
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
La Ley de Prácticas Corruptas en el Extranjero (“Foreign Corrupt Practices Act – FCPA”) prohíbe el pago de sobornos a funcionarios extranjeros para ayudar a obtener o retener negocios. Exige que las empresas cuyos valores se...more
The Foreign Corrupt Practices Act (FCPA) prohibits payment of bribes to foreign officials to assist with obtaining or retaining business. It requires companies whose securities are listed in the US to maintain books and...more