Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
Compliance Tip of the Day: What are Internal Controls?
Compliance Tip of the Day: Compliance Training Frequency
Compliance Tip of the Day: Design Objectives for Compliance Training
FCPA Compliance Report: The Power of Peer Support and Purpose Driven Leadership with Sarah Cole
Innovation in Compliance: Innovative Approaches to Compliance and Training with Catherine Choe
Compliance Tip of the Day: Multiplying the Influence of Compliance
Compliance tip of the Day: Communication Through Persuasion
Compliance Tip of the Day: Empowering Middle Managers to Drive Compliance Transformation
Compliance Tip of the Day: Middle Managers as the Eyes and Ears of Compliance
Compliance Tip of the Day – Role of Chatbots in Compliance
Beyond the Bylaws: The Medical Staff Show | The Role of Bylaws in Medical Staff Governance, Part II
The Presumption of Innocence Podcast: Episode 60 - Enforcement Priorities of the Second Trump Administration: Employee Retention Tax Credit
Compliance Tip Of the Day: Using AI to Transform Whistleblower Response
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
The Bottomline: Five Practical Steps for Generative AI Risk Management - As the first line of defense, employees within business operations must own and manage risks related to the business, including risks resulting from...more
As generative artificial intelligence continues to revolutionize business operations across industries, it has become imperative for companies to establish robust internal policies governing its use by employees. This alert...more
Insights for this month’s article are provided by ARDA members Gregory Szewczyk, partner at Ballard Spahr Practice Leader of the firm’s Privacy and Data Security Group, and Aaron Tantleff, partner in Foley & Lardner’s...more
Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more
“In assessing a generative AI product, it is critical to understand issues of data ownership and privacy. This cumbersome task is necessary to learn how the AI platform will use data, if the data shared is entering an open or...more
Ransomware attacks that shut business down to zero and data breaches that disclose the personal information of customers, vendors and employees justifiably strike fear in the hearts of executives everywhere. Organizations can...more
On November 30, 2022, OpenAI launched ChatGPT, and the artificial intelligence chatbot quickly became the talk of the corporate world. With over 100 million users, ChatGPT is one of the fastest growing applications of all...more
The coronavirus crisis is far from over, and compliance professionals still need every scrap of guidance that regulators can provide about how to run compliance programs in these difficult times. So when the Securities and...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
On January 27, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its most recent Cybersecurity and Resiliency Observations. This report highlights specific practices that have been, and can be...more
Our Regional Compliance Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational opportunities for...more
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
• The NFA has determined that registered CPOs must implement an internal controls system and highlighted best practices for such a framework. • In response to certain frequently asked questions, the NFA has also updated its...more
When it comes to digital threats, universities must protect not only a broad and deeply layered infrastructure, but also vast populations of students. In this episode, Elisa D’Amico and Desiree Moore outline their top five...more
Most companies have strengthened their cybersecurity defenses against outside hackers, but many often neglect the equal threat posed by those within their network walls — employees who already have privileged access to...more
On August 7, 2017, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released a summary of its observations (the report) from cybersecurity examinations of 75...more
These days cybersecurity seems to be all about technology. Pen testing, firewalls, port scanning, SIEM, zero-day, IPS, AES256, SHA, DMZ, NIDS, TLS, SS7 – I’ll stop. I could go on, but you get the idea. And I have a vested...more
Though corporate compliance programs can be expensive, companies that fail to implement such programs are about to double down on their gamble as a result of a newly imposed increase in civil fines. Prior to this increase,...more
A recent study by a well-known information security company captures one of the most common information security fallacies: that information security is a technology problem. Most businesses view mitigating information...more
Five social media law issues to discuss with your clients - The explosive growth of social media has clients facing legal questions that didn’t even exist a few short years ago. Helping your clients navigate this...more
WISP is the acronym for Written Information Security Policy. The information at issue is an individual’s personal information and identifiers, such as a Social Security number, driver’s license number, credit or debit card...more