Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Preparing for a Government Healthcare Audit
Tackling Credit Push Fraud: Understanding Nacha's Risk Management Package (Part Two) — Payments Pros: The Payments Law Podcast
Compliance into The Weeds: The Complexity of Risk Assessments
Behavioral Health Compliance
The Importance of Assessment Areas
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
What Physicians Need to Understand About Balance Billing
What Nonprofit Board Leadership Needs To Know About Internal Investigations
Taking a Behavioral Approach to Compliance
Episode 291 -- Interview of Mary Shirley on Her New Compliance Book
ChatGPT Risks for Compliance Programs
Season 2 Episode 3 - The Role of Ethics and Compliance Programs in International Business
In the Boardroom With Resnick and Fuller - Episode 4
What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley
"Board-er" Patrol in Privacy and Cyberattacks - Unauthorized Access Podcast
Your business may want to jump on the Generative AI (GAI) bandwagon and discover how your company may become more productive, competitive, reduce costs, and make the most of new technology. There are many intriguing and...more
Last week, the California Legislature passed several bills that, if signed by the governor, will regulate how organizations develop, train, and use artificial intelligence (AI) models, systems, and applications. Of these...more
Whether caused by family member thoughtlessness, employee error or the acts of a skilled data thief, everyone is likely to be the victim of an information breach at some point. A cyberattack on a family office or family...more
Last month, I wrote a blog post on the tone at the top, exemplified in the Star Trek, the Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a...more
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more
Defining the role of inherent risk in cybersecurity - Inherent risk is a concept that while fundamental to cybersecurity, has largely been disregarded by popular cybersecurity risk guidelines and standards and remains arcane...more
Share on Twitter Print Share by Email Share Back to top “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” Those were among the remarks that U.S. Securities and...more
The Securities and Exchange Commission (“SEC”) has announced the adoption of amendments to Regulation S-P (“Amendments”) to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal...more
On March 11, 2014, the Environmental Protection Agency (EPA) published in the Federal Register amendments to the Risk Management Program (RMP) rule (Final Rule). Going into effect on May 10, 2024, EPA’s Final Rule, named the...more
On November 1, 2023 the New York Department of Financial Services ("DFS") released amended cybersecurity regulations ("Regulations"). These changes will impose additional controls, demand more frequent risk assessments, and...more
On November 13, 2023, Governor Kathy Hochul announced plans to regulate cybersecurity for New York general hospitals regulated under Article 28 of the Public Health Law. As proposed, the regulations will provide an additional...more
Key Takeaways - With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
The Economic Crime Bill received Royal Assent on 26 October 2023. Included in the Act is the failure to prevent fraud offence, under which large companies will be liable when a specified fraud offence is committed by an...more
Editor’s Note: This article covers valuable insights on artificial intelligence’s (AI) evolving role in cybersecurity and incident response shared during an expert panel discussion. As cybersecurity, information governance,...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Typically, we beat the drum of the need to prepare for a data incident—anything from a full-blown ransomware attack to an employee accidently sharing data with the wrong person—by having your Incident Response Plan developed...more
There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more
Cyberattacks continue to rise, increasing the need for robust data security. Global weekly attacks rose by 7% during the first quarter of 2023, versus the same quarter last year. Each organization is estimated to face on...more
At an open meeting on March 15, 2023, the U.S. Securities and Exchange Commission voted three to two to propose a new rule, form and amendments (together, “Proposed Rule”) and published an accompanying release (“Release”)...more
Critical infrastructure and essential services in the United States—especially small or rural service providers—are highly vulnerable to disruptions from cyber attacks. Given the ever-growing need for cybersecurity services...more
Cybersecurity attacks, such as malware, phishing emails, and password attacks, are a growing threat to patients and medical practices. Cyber attacks can significantly disrupt patient care, including by exposing confidential...more
EPA Aims to Mitigate Risk of Cyberattack on Public Water Systems On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued its Memorandum Addressing Public Water System (PWS) Cybersecurity in Sanitary Surveys or...more
On March 15, 2023, the Securities and Exchange Commission (“SEC”) issued three releases proposing (i) amendments to Regulation S-P (“Regulation S-P Proposal”)1, (ii) amendments to Regulation SCI (“Regulation SCI Proposal”)2,...more
Quick Take: The SEC proposed new requirements for several different market entities designed to mitigate cybersecurity risk, including requirements relating to written policies and procedures and notifications about...more