Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
The Election's Impact on the FTC Will Bring Big Changes, But Being Vigilant Must Remain a Priority
Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
The Future of AI Regulation and Legislation: 5 Key Takeaways
Investigations and Cognitive Interviews
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
Law firms, accounting firms, and consulting firms are embracing AI to improve efficiency, deliver insight, and stay competitive. But without intentional governance, compliance, and policy frameworks, these innovations can...more
California appears to be changing its approach to how it regulates artificial intelligence, likely reflecting its reaction to challenges seen recently in other states. Namely, the California Privacy Protection Agency recently...more
When evaluating where artificial intelligence has had the most impact, many think of their personal use of AI or the integration of AI into many consumer applications. The use of AI in the employment context is on the back...more
In an era where digital threats are more sophisticated than ever, cybersecurity has become a pressing concern for family enterprises. These businesses are attractive targets for cyberattacks and need to balance the critical...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
On May 9, the California Privacy Protection Agency (CPPA) announced it opened the formal public comment period for its proposed regulations concerning updates to the California Consumer Privacy Act. The proposed rules would...more
On May 1, the California Privacy Protection Agency ("CPPA") board (the "Board") met to discuss revisions to proposed regulations relating to cybersecurity audits, risk assessments, and automated decision-making technologies...more
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making...more
After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic...more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI. Status of the AI Regulations - The Adherents have agreed to promote, implement, and adhere to the Recommendation. The Principles...more
As the regulatory landscape for AI continues to evolve, Colorado is considering significant changes to its recently enacted AI Act....more
Large Language Models (“LLMs”) are a subset of artificial intelligence (“AI”) which use a type of machine learning called deep learning in order to understand how characters, words, and sentences function together. The advent...more
Generative AI (GenAI) vendors, models, and uses cases are not created equal. Model providers must be trusted to handle sensitive data. Models, like tools in a toolbox, may be better suited for some jobs than others. Use cases...more
As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S....more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
Unlock a New Era of Customer Risk Assessment - Legacy customer risk rating (CRR) models—built on static KYC data and subjective judgment—are no longer sufficient in a world of dynamic threats and tightening regulatory...more
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more
On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated...more
Key Takeaways - - The California Privacy Protection Agency (CPPA) is substantially revising its draft privacy regulations. - Definitions for automated decision-making technology (ADMT) and "significant decisions" are...more