As recent events indicate, American companies may be the subject of destructive data “wiper” attacks and potential data theft by Iran-linked hackers....more
3/17/2026
/ Business Continuity Plans ,
Business Interruption ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Iran ,
National Security ,
Risk Management ,
State Sponsors of Cyberattacks ,
Supply Chain ,
Third-Party Risk ,
Third-Party Service Provider
Last week, the U.S. Supreme Court agreed to hear a case that is expected to resolve a long-developing split among federal courts of appeals over the scope of the Video Privacy Protection Act of 1988 (“VPPA”), 18 U.S.C. §...more
2/4/2026
/ Appellate Courts ,
Class Action ,
Consumer Privacy Rights ,
Data Privacy ,
Data-Sharing ,
Litigation Strategies ,
Online Platforms ,
Personal Information ,
SCOTUS ,
Split of Authority ,
Statutory Interpretation ,
Video Privacy Protection Act ,
Web Tracking ,
Websites
The New York Department of Financial Services (“NYDFS”) implemented the final phases of amendments to its NYDFS Cybersecurity Regulation (23 NYCRR Part 500) in May and November....more
1/20/2026
/ Asset Management ,
Compliance ,
Cybersecurity ,
Data Security ,
Financial Institutions ,
Multi-Factor Authentication ,
New Guidance ,
New Regulations ,
New York ,
NYDFS ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Third-Party Service Provider ,
Vulnerability Assessments
The California Consumer Privacy Act (“CCPA”) has entered yet another new chapter – audits. On January 1, 2026, the California Privacy Protection Agency (“CPPA”) regulations took effect, establishing comprehensive...more
1/15/2026
/ Audits ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Compliance Dates ,
Compliance Monitoring ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
State Privacy Laws
As compliance professionals reflect upon the past year, many will look back with frustration on efforts taken to comply with the Department of Justice’s Data Security Program (the “DSP” or “Rule”)....more
Following several unsuccessful attempts to secure federal preemption of state artificial intelligence (“AI”) regulations through Congress, first, through the “Big Beautiful Bill,” and then as part of the National Defense...more
12/15/2025
/ Artificial Intelligence ,
Constitutional Challenges ,
Department of Justice (DOJ) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Federal v State Law Application ,
Government Agencies ,
New Legislation ,
Preemption ,
Regulatory Reform ,
State and Local Government ,
Trump Administration
Asset managers generally have fiduciary duties to their clients, including the duty of care and the duty of loyalty. These duties require, among other things, appropriate diligence in selecting, engaging and overseeing AI...more
12/11/2025
/ Artificial Intelligence ,
Conflicts of Interest ,
Consent ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Disclosure Requirements ,
Fiduciary Duty ,
Information Governance ,
Investment Adviser ,
Policies and Procedures ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
An increasingly aggressive plaintiffs’ bar has brought purported class action suits based on the nearly ubiquitous use of tracking technologies used for website analytics. Although any actual harm to the plaintiffs is...more
7/14/2025
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Compliance ,
Consent ,
Consumer Privacy Rights ,
Cookies ,
Data Privacy ,
Data Protection ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Privacy Laws ,
Third-Party ,
Web Tracking
On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal...more
4/15/2025
/ China ,
Compliance ,
Corporate Counsel ,
Data Privacy ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Final Rules ,
New Guidance ,
Personal Data ,
Sensitive Personal Information
On October 29, 2024, the Department of Justice (“DOJ”) published its Notice of Proposed Rulemaking (“NPRM”) to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data...more
11/5/2024
/ Biometric Information ,
CFIUS ,
China ,
Cybersecurity Information Sharing Act (CISA) ,
Data Brokers ,
Data Transfers ,
Department of Justice (DOJ) ,
Employment Contract ,
Executive Orders ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Financial Services Industry ,
Geolocation ,
Iran ,
National Security ,
North Korea ,
PRC ,
Prohibited Transactions ,
Proposed Rules ,
Recordkeeping Requirements ,
Risk Management ,
Russia ,
Sensitive Business Information
On October 22, 2024, the Securities and Exchange Commission (“SEC”) filed settled enforcement orders involving four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Ltd, and...more
11/1/2024
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Failure To Disclose ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
SolarWinds