Data Retention and Document Holds
Trial by Tech: The Evolution of the Digital Courtroom – Speaking of Litigation Video Podcast
Information Security and ISO 27001
No Password Required: LIVE From Sunshine Cyber Con
Calculating eDiscovery Costs: Tips from Brett Burney
No Password Required: President at Constellation Cyber, Former FBI Translator, and Finder of Non-Magical Mushrooms
Managing Large Scale Review Efficiency: Tips From a GC
DE Under 3: US DOL Inspector General’s Office Report Cites IT Modernization & Security Concerns
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
Podcast: Discussing Information Blocking with Eddie Williams
The Data Center Cooling Conundrum With Leland Sparks - TAG Infrastructure Talks Podcast
[Podcast] TikTok off the Clock: Navigating the TikTok Ban on Devices for Government Contractors
Everything Dynamic Everywhere: Managing a More Collaborative Microsoft 365
Law Firm ILN-telligence Podcast | Episode 62: Pierre Hurt, Lutgen & Associes | Luxembourg
ATL1, Atlanta Infrastructure and More With Brandon Peccoralo of Databank - TAG Infrastructure Talks Podcast
Expanded Information Block Rules Go into Effect
5 Key Takeaways | Current Perspectives Around the Convergence of Life Sciences and IT
No Password Required: A Child of the 1980s With a Knack for Storytelling, Comedic Timing, and Building an Elite Cybersecurity Team
Changing Hands: Keys To Downstream M&A IT Integration
Mia Reini and Monica Lopez Reinmiller on a Risk-Based Approach to Managing Employee Hotlines
Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more
The U.S. General Services Administration (GSA) recently announced plans to develop the Federal Risk and Authorization Management Program (FedRAMP) 20x – a new approach to the government-wide program for the security...more
The demand for data centers is continuing to accelerate, fueled largely by generative artificial intelligence (Gen AI), broader digital transformation, and organizations migrating to cloud infrastructure. Gen AI adoption...more
The European Commission has adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the...more
This monthly report outlines key developments in China’s data protection sector for March. The following events merit special attention...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
On May 31, 2025, the Alberta Security Management for Critical Infrastructure Regulation (the Regulation) will come into force and is expected to alter existing security requirements for critical resource infrastructure in...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Banking Authority (EBA) has published a final report with amending guidelines in respect of Guidelines EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of the Digital...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
Beginning 17 January 2025, the Digital Operational Resilience Act (DORA) will apply to almost all EU financial entities, including banks, insurers and reinsurers, brokers , payment and electronic money institutions,...more
Digital Operational Resilience Act (DORA) aims to harmonize provisions related to cybersecurity and information and communication technology (ICT) risk management in the financial sector. Its scope covers nearly all entities...more
Background - The Digital Operational Resilience Act (DORA), a European Union (EU) regulation that is set to transform how financial entities and their information technology (IT) service providers manage operational risks,...more
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
On November 8, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Consumer Privacy Act (as amended by the California Privacy Rights Act), unanimously voted to...more
The Federal Communications Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA). FCC Chairwoman Jessica Rosenworcel...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority ("ANPD"), approved the Data Breach Notifying Regulation (the “Regulation”). The Regulation establishes procedures for data controllers to notify...more
Additional States Implement Notice Requirements for Healthcare Transactions - In a prior blog post, we noted the trend of states enacting legislation implementing reporting requirements for certain healthcare transactions....more
On March 26, 2024, the HHS Office of Inspector General (OIG) released a cybersecurity toolkit for HHS leaders to help them plan and deploy information systems in response to disasters and public health emergencies. The...more
Updates to the Health Insurance Portability and Accountability Act Security Rule (“HIPAA Security Rule”) are planned for Spring 2024. New guidance from The Department of Health and Human Services (“HHS”) via a recently...more
The Connecticut Data Privacy Act (CDPA), which became effective on July 1, 2023, provides Connecticut residents with certain rights over their personal information and establishes responsibilities and privacy protection...more