Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
The Election's Impact on the FTC Will Bring Big Changes, But Being Vigilant Must Remain a Priority
Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
The Future of AI Regulation and Legislation: 5 Key Takeaways
Investigations and Cognitive Interviews
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
Key Takeaways - - The California Privacy Protection Agency (CPPA) is substantially revising its draft privacy regulations. - Definitions for automated decision-making technology (ADMT) and "significant decisions" are...more
The California Privacy Protection Agency (CPPA) announced the formal public comment period for its latest proposed rulemaking package, which includes updates to existing regulations and introduces new guidelines for automated...more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
On April 12, Nebraska Governor Jim Pillen signed Legislative Bill 1074 into law, making Nebraska the 16th U.S. state to enact a comprehensive privacy law. The Nebraska Data Privacy Act (NEDPA) will take effect on January 1,...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
The firm is pleased to distribute the Q4 2023 edition of All Eyes on AI: Regulatory, Litigation, and Transactional Developments, which closely follows the evolving regulatory landscape for artificial intelligence (AI) in the...more
Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing revised draft cybersecurity audit regulations although the Agency has yet to initiate the formal rulemaking process....more
In August, the California Privacy Protection Agency (CPPA) released its initial draft regulations for cybersecurity audits and risk assessments under the California Privacy Rights Act (CPRA). While the CPPA has not yet...more
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal...more
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal...more
On August 29, 2023, the California Privacy Protection Agency (“CPPA”) released a set of draft regulations on cybersecurity audits and risk assessments. For those who recall the multiple rounds of the CPPA’s draft CCPA...more
FTC Is Tracking Twitter Developments With “Deep Concern” - Elon Musk’s recent purchase of Twitter has led to numerous resignations in the security department. Most recently, Twitter’s chief information security officer,...more
As data privacy regulations have become increasingly commonplace in the last decade, organizations have had to strategically assess how they collect, process, store, and sell consumer data. To better equip themselves for this...more
The Sedona Conference is a widely known institute that is focused on the study of law and policy in many areas including Information Governance (IG). The Sedona Conference Commentary on Information Governance provides 11 IG...more
Keypoint: The CPRA, CPA and VCDPA require data protection assessments for certain processing activities; however, when and how entities must conduct and prepare assessments varies....more
On February 2, 2022, the Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity released a new draft of a bill designed to provide mechanisms for how personal...more
Purpose and Background of the GLBA - The Gramm-Leach-Bliley Act (“GLBA”), also known as the Financial Services Modernization Act of 1999, is a federal statute enacted by Congress in 1999 that requires financial...more
The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that...more
On March 2, the Virginia Consumer Data Protection Act (VCDPA) was signed into law, becoming the second comprehensive state privacy law in the United States. The VCDPA reflects core principles from the California Consumer...more
On November 3, California voters passed the California Privacy Rights Act, a ballot initiative that substantially amplifies data privacy oversight for qualifying enterprises doing business in California. Although it builds...more
The full text of the Law of the People’s Republic of China on Personal Information Protection (Draft) (the Draft) was released on 21 October 2020 for public comments by 19 November 2020....more
The Situation: In the two years since China enacted the Cybersecurity Law, which granted authorities broad powers to monitor and investigate activities falling under its purview, authorities have increasingly penalized...more
The California Consumer Privacy Act of 2018 ("CCPA") was signed into law on June 28, 2018 and will take effect on January 1, 2020. The enforcement date - the first date on which the Attorney General may bring an enforcement...more