The fatal flaws in the 2023 CRA rule
New Executive Order Targets Disparate Impact Claims Nationwide - #WorkforceWednesday® - Employment Law This Week®
Welcoming a New Payment Pro: Jason Cover Joins the Payments Pros Podcast — Payments Pros – The Payments Law Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
Medicaid Cuts: Potential Challenges and Legal Implications for Long-Term Care Facilities — Assisted Living and the Law Podcast
Tariffs and Trade Series: What Boards of Directors Need to Know
Under the Hood: Exploring the CFPB's 2025 Focus — Moving the Metal: The Auto Finance Podcast
Evolving AI Legislation: Federal Policies, Task Forces, and Proposed Laws — The Good Bot Podcast
Episode 369 -- Stepping Into the Enforcement Spotlight -- Customs and Border Patrol and Import Enforcement
10 For 10: Top Compliance Stories For the Week Ending May 17, 2025
Tariffs and Trade Series: What Investors Need to Know
Compliance Tip of the Day: Using Supply Chain to Innovate in Compliance
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Early Returns Podcast - Oliver Roberts: AI and the Law, and an Education
Compliance into the Weeds: Leaving on a (Qatari) Jet Plane
(Podcast) California Employment News: Back to the Basics of Employee Pay Days
Compliance Tip of the Day: Multiplying the Influence of Compliance
Innovation in Compliance: Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font
Compliance tip of the Day: Communication Through Persuasion
All Things Investigations: Task Force Strategies - Addressing New Government Priorities
The NAIC’s privacy protections and cybersecurity working groups have continued their building efforts....more
Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring...more
The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more
Cyber incidents such as the 2024 event involving Change Healthcare, which compromised the personal information of over 100 million people, highlight the evolving nature of cyber threats – increasingly becoming risk management...more
On 19 March 2025, the Legislative Council (the “LegCo”) passed the Protection of Critical Infrastructure (Computer System) Bill (the “Bill”), which is due to come into effect on 1 January 2026. This is a significant step in...more
On February 14, the Governor of New York signed into law SB 804 (the “Act”), which amends the general business law concerning when and how notifications for data breaches are provided to the New York Department of Financial...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
The U.S. Coast Guard (“USCG”) published a final rule on January 17, 2025, addressing Cybersecurity in the Marine Transportation System (the “Final Rule”), which seeks to minimize cybersecurity related transportation security...more
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
As previously reported in May 2024 FHA announced a requirement for FHA approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was...more
On 17 October 2024, the European Commission adopted the first Implementing Regulation under the Network and Information Security 2 Directive (EU) 2022/2555 (NIS2), focusing on digital infrastructures and services. The...more
EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU...more
As we discussed in a recent post, earlier this year the U.S. Department of Housing and Urban Development (“HUD”) issued Mortgagee Letter 2024-10, which imposed a new requirement on all FHA-approved mortgagees to report...more
Welcome to our seventh 2024 issue of Decoded - our technology law insights e-newsletter. We have a few events we want to pass along to those interested in technology, but also other areas of law and business....more
The SEC’s Director of Corporation Finance, Erik Gerding, recently issued two statements regarding a public company’s disclosure obligations in response to a cybersecurity incident. These remarks follow the adoption of the...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
In this series of articles, we explore the different certification requirements of CMMC Levels 1, 2 and 3; the impact on contractors and external service providers; and proposed next steps... On December 26, 2023, the US...more
On March 12, the Department of Defense (DOD) promulgated a final rule that expands the eligibility criteria for the Defense Industrial Base (DIB) Cybersecurity Program, a voluntary initiative aimed at bolstering the DIB’s...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
Corporate legal departments are scrambling to stay ahead of the latest developments around cyber incident disclosure rules and regulations. In hopes of reducing panic and distress, a pair of legal experts are issuing a...more
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration...more
On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more