Treating Compliance Like an Asset
When DEI Meets the FCA: What Employers Need to Know About the DOJ’s Civil Rights Fraud Initiative
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 241: Fighting Nurse Burnout with Data-Driven Innovation with Dr. Ecoee Rooney of Indicator Sciences
Compliance Tip of the Day: Assessing Internal Controls
Daily Compliance News: July 7, 2025 the Disaster on the River Edition
Multijurisdictional Employers, P2: 2025 State-by-State Updates on Non-Compete/Non-Solicitation Agts
10 For 10: Top Compliance Stories For the Week Ending June 28, 2025
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Episode 30 - Inaugural Episode with Ian Sherr: Compliance Week’s Insights and Reflections from June to July 2025
How International Companies Can Prepare for July 9 Tariffs
The Dark Patterns Behind Corporate Scandals
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Daily Compliance News: June 26, 2025, The? Matt Galvin Honored Edition
Current Regulatory, Legislative, and Litigation Developments on ADA Website Accessibility for Consumer Finance Digital Platforms — The Consumer Finance Podcast
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance into the Weeds: Boeing’s New Safety Initiatives and Compliance Reforms
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Legal Shifts in 2025 Put Employer Non-Compete Strategies at Risk - Employment Law This Week® - Spilling Secrets Podcast
Summer Strategies for Work Success
I didn’t plan on working in cybersecurity. My path wasn’t exactly traditional, but every job I had taught me how systems break—technical or operational, it didn’t matter. ...more
The European Banking Authority (EBA) has published its spring 2025 risk assessment report alongside a press release, outlining key developments and emerging risks within the European Union/European Economic Area (EU/EEA). The...more
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Defense Cyber Crime Center (DC3) published a...more
The FDA has finalized its guidance on cybersecurity for medical device premarket submissions, providing additional insight into the agency’s expectations for how manufacturers integrate cybersecurity risk management into...more
Most organizations rely on complex supply chains, and that reliance has become a point of vulnerability for cyberattacks. This spring, we have witnessed a large-scale cyberattack on a major British multinational retailer due...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its...more
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more
As tensions flare in the Middle East, speculation is growing over the potential impacts of Iranian cyberattacks targeting US based companies and infrastructure. We saw similar reactions in 2020 following the death of the head...more
The New York State Department of Financial Services (the “Department”) has issued guidance (“Guidance”) to all individuals and entities regulated by the Department (“Regulated Entities”) to underscore the importance of...more
Artificial intelligence (AI) systems are vulnerable to more than just threat actors. Our Privacy, Cyber & Data Strategy Group examines joint guidance issued by U.S. and international cybersecurity agencies that provides best...more
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Enterprises don’t have a staffing problem. They have a systems problem. In a recent engagement, we were engaged to help improve a global SOC operation. Despite having over 30 analysts on staff, the team was missing...more
Last week, the Trump administration made its priorities clear for the nation’s cybersecurity posture in the form of the newly issued executive order entitled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity...more
The National Security Agency (NSA), in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and cybersecurity agencies from Australia, New Zealand, and the...more
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more
On May 22 2025, the cybersecurity agencies from the US, UK, Australia, and New Zealand published a Cybersecurity Information Sheet (CIS) on ensuring that data used to train and use artificial intelligence (AI) and machine...more
The Posture Visibility Problem - CrowdStrike Cloud Security Posture Management (CSPM) provides critical visibility into misconfigurations—such as publicly accessible storage, unencrypted assets, and overly permissive...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
The risks associated with leveraging open source libraries, and the review needed, are increasing. In the first half of 2025, cybersecurity researchers observed a sharp rise in the incidence of malicious code embedded in...more
When planning a major design development project, whether it’s a corporate campus, data center, or mixed-use facility, deciding how much to invest in security can be a complex question. A practical, risk-based approach to...more
Disruption, volatility, and uncertainty aren’t new operating conditions by any means. But the assumptions that have long driven corporate thinking—the role of government, geopolitical norms, and consistency in US policies as...more
Artificial intelligence is driving a transformation across industries, with unprecedented opportunities for innovation, automation, and efficiency. Yet as AI integrates more deeply into business processes, it also brings a...more