Regulatory Rollback: Inside the CFPB’s FCRA Guidance Withdrawal — The Consumer Finance Podcast
Cruising Through Change: The Auto-Finance Industry’s New Era Under Trump Unveiled — Moving the Metal: The Auto Finance Podcast
Regulatory Rollback: Inside the CFPB's FCRA Guidance Withdrawal — FCRA Focus Podcast
Healthcare Enterprise Risk Management
GILTI Conscience Podcast | Navigating Brazil's New Transfer Pricing Landscape: A Shift to OECD Standards
Importance of Compliance Management in times of transition
Understanding MALPB Charters: A Collaborative Approach to Banking Innovation — Payments Pros – The Payments Law Podcast
Law Firm ERGs Under Scrutiny: Navigating Compliance, Risk, and Culture - On Record PR
Navigating Legal Strategies for Covering GLP-1s in Self-Insured Medical Plans — Employee Benefits and Executive Compensation Podcast
LathamTECH in Focus: How Should Crypto Companies Be Thinking About New Laws?
The Standard Formula Podcast | Assessing Prudential Solvency Regimes in the Middle East
Regulatory Rollback: Impact on Industry of CFPB's Withdrawal of Fair Lending and UDAAP Informal Guidance — The Consumer Finance Podcast
Cannabis Law Now Podcast - The 4-1-1 on Cannabis Receiverships from a Top Cannabis Receiver
The LathamTECH Podcast — Where Digital Assets Slot Into a Shifting Fintech Regulatory Landscape: Insights From the US, UK, and EU
Compliance Tip of the Day: Discipline and Rigor in GTE Internal Controls
Compliance into the Weeds: Boeing, a NPA and the End of Monitors
Podcast - New Guidance on Complying with FTC Rule on Deceptive and Unfair Fees
Tenant Tales and Reseller Realities: Inside the FCRA Arena With Eric Ellman — FCRA Focus Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Compliance Tip of the Day - Contextual Diversity in Compliance
When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more
When we are retained by clients to guide them through a cyber-attack in which information has been stolen by a threat actor, we almost always find that the client has unnecessarily stored sensitive information far beyond the...more
Cybercriminals look for two things when seeking a victim—access and opportunity. ERISA retirement plans offer both. Cybercriminals exploit weaknesses in systems, software, or human behavior to find opportunities for easy...more
On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act...more
In the context of a significant increase in data breaches and cyber-attacks impacting hospitals, the French Data Protection Authority (“CNIL”) has launched a series of investigations and issued several formal notices to...more
On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively...more
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more
Cyber incidents such as the 2024 event involving Change Healthcare, which compromised the personal information of over 100 million people, highlight the evolving nature of cyber threats – increasingly becoming risk management...more
Today’s interconnected world presents significant challenges for managing cross-border e-discovery and data breach investigations. These processes—critical for legal proceedings and cybersecurity—are often complicated by...more
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
The hospitality industry is a prime target for cyber criminals, due in part to the high volume of sensitive guest data, including financial information, that companies maintain. Almost one-third of hospitality organizations...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
We invite you to join us for an insightful webinar on Best Practices in Cyber Preparedness for Government Contractors and Critical Infrastructure Operators on Wednesday, October 23, 2024, from 12:00 p.m. – 1:00 p.m. EDT....more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
A privacy breach can have detrimental consequences for startups: A privacy breach may trigger legal consequences and regulatory scrutiny, especially for a startup that operates in areas with stringent data protection laws...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more
The recent SEC lawsuit against SolarWinds Corp and its CISO, Tim Brown, following the 2020 data breach, has brought the issue of executive liability in cybersecurity disclosures to the forefront. This case sheds light on the...more
In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this...more
The U.S. Securities and Exchange Commission has a message for publicly-traded companies that suffer a data breach: own up. On Monday, the SEC sued Texas-based SolarWinds––and its Chief Information Security Officer...more
France's Orientation and Programming Law of the Ministry of the Interior ("LOMPI law"), published in the Official Journal of January 25, 2023, amends the insurance coverage of losses and damages paid in response to...more
With the first wave of amendments to Québec’s An Act Respecting the Protection of Personal Information in the Private Sector (“PPIPS”) having taken effect just over a month ago, we thought we would share some misconceptions...more
On March 29, 2022, federal banking regulators issued important guidance for how banking organizations can comply with the upcoming requirement to notify regulators within 36 hours of ransomware or other disruptive...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more