DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On July 1, the California Attorney General (CA AG) announced a $1.55 million settlement – the largest penalty issued under the California Consumer Privacy Act (CCPA) to date – with Healthline, an online health and wellness...more
The debt settlement industry is fast emerging as a significant portion of the overall consumer financial services market, yet many still do not understand the space. Please join Hudson Cook partner Cathy Brennan as she...more
The New York State Department of Financial Services (the “Department”) has issued guidance (“Guidance”) to all individuals and entities regulated by the Department (“Regulated Entities”) to underscore the importance of...more
In a decision about ERISA’s fiduciary duties and transparency, the Sixth Circuit in Tiara Yachts, Inc. v. Blue Cross Blue Shield of Michigan held that Blue Cross Blue Shield of Michigan (BCBSM), a third-party administrator...more
For physicians with independent practices, engaging a third-party billing company to manage the billing process is an attractive option. Medical billing is increasingly complex and time consuming, and outsourcing that...more
California is once again at the forefront of privacy regulation, this time with a sharp focus on the insurance sector. California’s proposed Senate Bill 354, styled as the Insurance Consumer Privacy Protection Act of...more
DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more
The past year has brought a number of federal appellate rulings under the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710, one of the statutes under which plaintiffs have been filing numerous claims in recent years...more
Strategic sales teams know that speed and consistency aren’t just nice to have – they are essential. But when creative resources are stretched thin or siloed in marketing, sales enablement efforts can stall. The result?...more
Certain transactions between employee benefit plans and “parties in interest” are prohibited under the Employee Retirement Income Security Act of 1974, as amended (ERISA). ...more
The U.S. Department of Treasury (Treasury) released final and proposed regulations under § 861 of the Code addressing the U.S. federal income tax classification of digital content and cloud computing transactions (the “Final...more
The past few years have seen a surge of activities from states with respect to the introduction and adoption of consumer privacy bills. These bills vary from state to state, but generally include requirements around data...more
As of April 1, 2025, all merchants and third-party service providers (TPSPs) involved in processing credit or debit card payments must fully adhere to the enhanced security requirements outlined in the Payment Card Industry...more
On 12 March 2025, the California Privacy Protection Agency (CPPA) settled with an automaker that allegedly violated various aspects of the California Consumer Privacy Act (CCPA). This first-of-its-kind settlement for the...more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as...more
An online retailer was recently hit with the first class action under Washington’s consumer health data privacy law alleging that it used advertising software attached to certain third-party mobile phone apps to unlawfully...more
On January 28, 2025, FINRA published its Annual Regulatory Oversight Report (the Report). The Report highlights emerging risk areas and recent developments, common compliance deficiencies, and best practices for member firms....more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
As a plan fiduciary, I still can’t believe it. A Third Party Administrator (TPA) we terminated was trying to hold us up for valuations and a Form 5500 we paid for, as part of, annual administration. It was $80,000....more
Regulators are growing concerned about the delegation of various insurance company functions, prompting a closer examination of third-party vendors. Several groups within the National Association of Insurance Commissioners...more
What has happened: On 21 January 2025, the European Commission sent a letter to the Chair of the Joint Committee of the ESAs with its decision to reject the draft Regulatory Technical Standards (“RTS”) on subcontracting...more
As part of Data Privacy Awareness Week, Ward and Smith is spotlighting the most common types of data breaches that businesses encounter. In Part 1, we explored the industries most vulnerable to cyberattacks, highlighting the...more