News & Analysis as of September 21, 2024

Compliance › Data Protection › Cyber Attacks

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. ... more +

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

SEC Settlement: Cybersecurity Internal Controls

Patterson Belknap Webb & Tyler LLP on 7/23/2024

On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more

Coming Soon! CISA’s Proposed Rule on Government-wide Cybersecurity Reporting Requirements for Contractors

PilieroMazza PLLC on 5/29/2024

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was enacted in 2022 with the primary purpose of preserving national security, economic security, and public health and safety. CIRCIA provides the Director...more

Network Topology and Mapping: Cornerstones of Data Security – Part 1

Bradley Arant Boult Cummings LLP on 11/30/2023

Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more

BA Depicted by OCR as Example of Ransomware Dangers Recovered Quickly, Didn’t Expect Fine

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more

Privacy Briefs: November 2023

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more

SEC, Solar Winds and Compliance

Thomas Fox - Compliance Evangelist on 11/7/2023

The recent SEC lawsuit against SolarWinds Corp and its CISO, Tim Brown, following the 2020 data breach, has brought the issue of executive liability in cybersecurity disclosures to the forefront. This case sheds light on the...more

What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards?

Skadden, Arps, Slate, Meagher & Flom LLP on 11/7/2023

On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more

Privacy Briefs: October 2023

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more

Episode 282 -- CISO and CCOs -- The Evolving Partnership

The Volkov Law Group on 7/23/2023

If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy. The rapid elevation...more

Maintaining Focus on Cyber Risks (Part II of IV)

The Volkov Law Group on 7/12/2023

If you read about the world of hackers and cyber threats, you will quickly become numb to the creativity and variety of techniques that may threaten your organization. Like all risks, however, the key is to consider...more

NAVEX’s 2023 State of Risk & Compliance Report: Compliance Steps Up

The Volkov Law Group on 7/6/2023

NAVEX’s annual report on the state of risk and compliance is a must read. Each year NAVEX supplies helpful insights that compliance professionals, corporate managers and board members can use to benchmark their respective...more

Ransomware Criminal Prosecution of Russian National Underscores Pervasive Ransomware Risks

The Volkov Law Group on 6/1/2023

In today’s world of cyber threats, many companies have fallen victim to ransomware attacks. Corporate boards and senior executives face serious issues when their companies are attacked. The payment of ransom is not only...more

Cybersecurity and eDiscovery: What you need to know about your vendor

Array on 1/31/2023

Baker McKenzie recently released their sixth annual edition of ‘The Year Ahead: Global Disputes Forecast’ in which senior legal and risk leaders share what they expect to see in the coming year. From an overarching...more

Cyber laws will be updated to boost UK’s resilience against online attacks

BCLP on 12/30/2022

The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more

[Virtual Event] Richmond Regional Healthcare Compliance Conference - December 9th, 8:25 am - 4:30 pm EST

Health Care Compliance Association (HCCA) on 11/9/2022

General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more

[Webcast Transcript] CFIUS Compliance: Your Approach May Be A Matter of National Security

HaystackID on 8/8/2022

Editor’s Note: On July 27, 2022, HaystackID shared an educational webcast on the topic of Committee on Foreign Investment in the United States (CFIUS) compliance. CFIUS is a U.S. government interagency committee with the...more

[Event] U.S. Export & Reexport Compliance For Canadian Operations - January 26th - 27th, Toronto, ON, Canada

American Conference Institute (ACI) on 12/20/2021

The Canadian Institute’s 11th Annual Forum on U.S. Export & Re-Export Compliance for Canadian Operations will take place in Toronto on January 25–27! IN-PERSON and LIVESTREAM options available. Over the last decade, this...more

Chris Ford on Compliance and Cloud Computing

Society of Corporate Compliance and Ethics... on 9/23/2021

While organizations have increasingly embraced cloud computing as a solution to their data management and other needs, they do so in an environment of heightened risks. Attacks on cloud providers are increasing, which makes...more

[Virtual Event] Global Compliance Updates - November 2nd - 3rd, 5:55 pm - 8:15 pm GST

Society of Corporate Compliance and Ethics... on 9/14/2021

Compliance teams looking to stay ahead of the changing landscape need to be up to date on the latest developments. Join us for Global Compliance Updates in collaboration with the DIFC Academy, on 2–3 November 2021. This...more

Nick Culbertson on Compliance Breaches in Healthcare

Health Care Compliance Association (HCCA) on 7/15/2021

Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally...more

Cybersecurity Compliance Programs for Law Firms

Oberheiden P.C. on 7/7/2021

Law firms process sensitive information on a daily basis. Confidential client data is targeted by hackers and insiders for a variety of reasons including financial gain or retaliatory purposes. When a law firm has a security...more

[Webinar] Top Risk Management Lessons from the SolarWinds Hack - January 27th, 10:00 am - 11:00 am PT

NAVEX on 1/18/2021

Last month there was a cyber-attack suspected to have been perpetrated by Russian hackers. The attack was traced back to third party – a network management software vendor, SolarWinds. Among its 300,000 customers, SolarWinds...more

SEC Issues New Risk Alert on “Credential Stuffing” Attacks

Faegre Drinker Biddle & Reath LLP on 9/18/2020

On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors...more

Compliance Perspectives: Cybervigilance and Cyber-resiliency

Society of Corporate Compliance and Ethics... on 1/7/2020

Mark Lanterman, Chief Technology Officer of Computer Forensic Services lives technology at its most terrifying, helping organizations manage the risks of the IT we all use constantly. Recently he authored an article...more

Managing Third-Party Vendor Cybersecurity Risks (Part II of III)

The Volkov Law Group on 9/11/2019

We all know that businesses rely on a large number of third-party vendors to support their business operations. Many of these third parties require access to a company’s data and its internal information and technology...more

47 Results

/

View per page

Page: of 2

Next »