New Virginia "Workplace Violence" Definition and Healthcare Reporting Law: What's the Tea in L&E?
Top challenges with Compliance Management
Episode 377 -- Refocusing Due Diligence on Cartels and TCOs
Daily Compliance News: July 11, 2025, The What is a COI Edition
Regulatory Ramblings: Episode 73 - Geopolitical Risk: Thai Tensions / Sanctions, Tariffs & FCPA Enforcement in Asia
Treating Compliance Like an Asset
When DEI Meets the FCA: What Employers Need to Know About the DOJ’s Civil Rights Fraud Initiative
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Compliance Tip of the Day: Lessons from Internal Control Failures
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 241: Fighting Nurse Burnout with Data-Driven Innovation with Dr. Ecoee Rooney of Indicator Sciences
Compliance Tip of the Day: Internal Control Deficiencies
Daily Compliance News: July 8, 2025, The Learning on the Job Edition
#Risk New York Speaker Series – Exploring Future Regulatory Trends and Compliance Strategies with Rory McGrath
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Compliance Tip of the Day: Assessing Internal Controls
Daily Compliance News: July 7, 2025 the Disaster on the River Edition
Multijurisdictional Employers, P2: 2025 State-by-State Updates on Non-Compete/Non-Solicitation Agts
10 For 10: Top Compliance Stories For the Week Ending June 28, 2025
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Episode 30 - Inaugural Episode with Ian Sherr: Compliance Week’s Insights and Reflections from June to July 2025
What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors....more
Two recent decisions from the Northern District of California—Shah v. Capital One Financial Corp., No. 24-cv-05985-TLT, 2025 WL 714252 (N.D. Cal. Mar. 3, 2025), and M.G. v. Therapymatch, Inc., No. 23-cv-04422-AMO, 2024 WL...more
There are many factors to consider when assisting clients with assessing the use of artificial intelligence (AI) tools in an organization and developing and implementing an AI Governance Program. Although adopting an AI...more
Ensure your vendors are crisis-ready by recognizing these key indicators of weak continuity planning. The interconnected nature of modern business means that your vendors’ operational resilience can, and frequently does,...more
Considering the rapid development and deployment of artificial intelligence (AI) in a wide array of applications and business sectors, it can be a daunting task for a company’s General Counsel (GC) to keep pace in identifying...more
In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more
In all our work with clients, my evaluation and expectations around compliance readiness come down to one point: Governance. This can mean a variety of things when it comes to a compliance program, but overall, we boil it...more
Oversight of data-related risks: From data governance to GenAI and cybersecurity While data governance has been a priority for companies for some time, the explosive growth in the use of generative artificial intelligence...more
The ever-increasing privacy and security risks via third-party vendors and service providers were apparent in 2023 with news of large organizations such as MOVEit, Okta and AT&T being affected. Research has shown that 98...more
In July, the Innovation, Cybersecurity and Technology Committee of the National Association of Insurance Commissioners (NAIC) released an exposure draft of its model bulletin titled “Use of Algorithms, Predictive Models, and...more
As we previously discussed, earlier this year the National Institute of Standards and Technology (NIST) launched the Trustworthy and Responsible AI Resource Center. Included in the AI Resource Center is NIST’s AI Risk...more
This year’s news has been full of stories about “generative” artificial intelligence (AI) applications. Generative AI tools create code, text, images, and other content in response to text prompts, queries, and other inputs....more
Health care providers should evaluate their use of “tracking technologies” on their websites and mobile applications (apps) for compliance with HIPAA. On December 1, 2022, the Office for Civil Rights (OCR) issued a bulletin...more
In a December 2022 bulletin published by the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS), HHS made clear that the use of third-party tracking technologies by covered entities and business...more
This blog is the third in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls, such as...more
This blog is the second in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls, such as...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more
On September 15, 2015, OCIE issued a risk alert relating to its new cybersecurity examination initiative. This is the second round of these examinations, and the alert provides a detailed look at OCIE’s current areas of...more
Companies are reminded of the need for strong internal controls. The US Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) recently filed civil and criminal actions in the largest hacking and...more