The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
No Password Required: LIVE From Sunshine Cyber Con
On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a...more
The Network and Information Security 2 Directive (EU) 2022/2555 ("NIS2") entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining...more
Maintaining compliance is your job. But sometimes that job feels like a slog through the deepest jungle. More than 130 countries have some form of data privacy and protection law on the books. At the same time, 63% of...more
The Brazilian Data Protection Authority (ANPD) has published its new regulation on the Data Protection Officer’s (DPO) role. A central figure in privacy governance, the DPO serves as the liaison between the data controller,...more
Have you ever considered the number of legal challenges that come with running a business in the digital era? Forbes predicts that the global e-commerce will surpass $6 trillion in 2024, meaning that there is no shortage of...more
On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United...more
The Department of Justice ("DOJ") is wasting no time in implementing the new cyber-security Executive Order (the EO), signed on February 28, 2024. As explained in our April 2024 blog post, the EO aims to portect Americans’...more
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was enacted in 2022 with the primary purpose of preserving national security, economic security, and public health and safety. CIRCIA provides the Director...more
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently,...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
No one was surprised when compliance and risk publications cited cybersecurity as the number one risk that corporations face today. While this is a relatively simplistic and head-line grabbing statement, the truth remains...more
In today’s digital age, securing sensitive healthcare data is paramount. With the rise in cyber threats targeting healthcare organizations, the Department of Health and Human Services (HHS) has taken proactive steps to...more
In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws. The National Institute of Standards and Technology (“NIST”)...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
Editor’s Note: On January 17, 2024, HaystackID hosted a cogent webcast, “Notable Trends in US Privacy Law,” featuring HaystackID privacy and compliance expert Chris Wall, and an esteemed panel of privacy and compliance...more
Last year, the U.S. Securities and Exchange Commission (SEC) proposed ambitious rules relating to artificial intelligence (AI) that have drawn significant commentary and criticism. While it is unlikely that any changes in the...more
As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more
When it comes to data privacy and regulation of personal information, United States companies face a number of major challenges. Compliance is not easy when you have fast-moving targets. The single biggest cause of this...more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more
Welcome to your monthly legal insights on the trends impacting the Retail, Hospitality, and Food & Beverage Industries. Cybersecurity/Privacy - It’s a New Year and a Good Time for a Cybersecurity Checkup - 2023 was another...more
We have received several requests for a list of the compliance policies that make sense for every multinational company. So, as a follow-up to our earlier two posts providing “twelve steps to international compliance” (see...more
Nearly every company today relies on technology to operationalize their business in one form or another. While the use cases for technology, including artificial intelligence (AI), vary among companies and industries, its...more
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more