The New York State Department of Financial Services recently published additional Frequently Asked Questions addressing compliance and providing clarity regarding the enhanced multi-factor authentication requirements in the...more
3/2/2026
/ Best Practices ,
Cloud Service Providers (CSPs) ,
Compliance ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Multi-Factor Authentication ,
New York ,
NYDFS ,
Regulatory Requirements ,
Risk Management ,
Social Engineering ,
Third-Party Service Provider
Even if you read them at the time, you’ll want to read them again.
In 2025, organizations faced significant developments in the areas of immigration, workplace policies, federal enforcement, and data privacy. ...more
1/22/2026
/ Affirmative Action ,
Americans with Disabilities Act (ADA) ,
Anti-Harassment Policies ,
Artificial Intelligence ,
Data Privacy ,
Employer Liability Issues ,
Employment Discrimination ,
Employment Litigation ,
Employment Policies ,
Executive Orders ,
Foreign Workers ,
Fraternization Policies ,
Immigration Procedures ,
Labor Relations ,
Reasonable Accommodation ,
Religious Accommodation ,
Religious Discrimination ,
Reverse Discrimination ,
State Data Privacy Laws ,
State Privacy Laws ,
Temporary Protected Status ,
UK ,
Wage and Hour
As 2025 comes to an end, there have been some valuable cybersecurity lessons for businesses. These involve vendor oversight, internal coordination, and incident response plans. Businesses should vow to address them in 2026 if...more
11/24/2025
/ Best Practices ,
Contract Terms ,
Cyber Attacks ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Employee Training ,
Incident Response Plans ,
Policies and Procedures ,
Risk Management ,
Risk Mitigation ,
Supply Chain ,
Third-Party Service Provider ,
Vendors
Another type of cyber attack.
Operations for Japan-based beverage giant Asahi Group Holdings recently shut down after a cyberattack, causing a ripple effect that extended far beyond its breweries.
The incident forced...more
11/18/2025
/ Automation Systems ,
Business Continuity Plans ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Incident Response Plans ,
Information Technology ,
Japan ,
Manufacturers ,
Popular ,
Ransomware ,
Risk Management ,
Supply Chain ,
Third-Party Service Provider ,
Vendors
October is National Cybersecurity Awareness Month, which is celebrating its 21st year. Spearheaded, organized and led by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance, the...more
10/30/2025
/ Best Practices ,
Compliance ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Multi-Factor Authentication ,
Passwords ,
Phishing Scams ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Software
The recent shutdown of the federal government has left many critical services in limbo, including the nation’s primary cybersecurity agency. Amid the ongoing budget standoff in Congress, funding for the Cybersecurity and...more
10/21/2025
/ Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Government Shutdown ,
Information Sharing ,
New Legislation ,
Popular ,
Proposed Legislation ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management
Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks. In fact, a recent breach at a major health care analytics firm exposed the data of 5.4 million U.S. patients, making it one of...more
7/28/2025
/ Best Practices ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Internet of Things ,
Phishing Scams ,
Popular ,
Risk Management
New York ‘s Child Data Protection Act, available here, took effect on June 20. This is a landmark piece of legislation designed to enhance the online privacy and safety of minors. As concerns over children’s digital...more
7/14/2025
/ Algorithms ,
CDPA ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Minors ,
New York ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S....more
Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13,...more
3/17/2025
/ Chile ,
Compliance ,
Data Breach ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements
On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements....more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
1/6/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Documentation ,
Incident Response Plans ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
WISP
The Commonwealth of Pennsylvania has amended its Breach of Personal Information Notification Act. The amendments, available here 2024 Act 33 - PA General Assembly (state.pa.us), took effect last week, on September 26. The key...more
On April 24, the Federal Trade Commission announced that it had finalized changes to its Health Breach Notification Rule - to address emerging technologies. Specifically, the Rule was broadened to (1) apply to entities not...more
Effective May 24, 2024, the Office of the Privacy Commissioner of Canada (OPC) has introduced a new online PIPEDA breach reporting form for federal institutions and businesses subject to the Personal Information Protection...more
On May 22, 2022, Minnesota Gov. Tim Walz (D) signed the Student Data Privacy Act (the “Act”), H.F. No. 2353, into law which amends Minnesota’s Government Data Practices Act. The Act went into effect beginning with the...more
On March 2, the Biden Administration released a “National Cybersecurity Strategy,” which it says takes a comprehensive approach to securing cyberspace for all and ensuring the United States is in the best position to take...more
Recent amendments to Pennsylvania’s data breach law -- the Breach of Personal Information Notification Act – will take effect May 3. The amendments were enacted in November.
Originally enacted in 2006, the Act provides for...more