Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Security researchers at Huntress Labs have identified a vulnerability in SolarWinds’s Web Help Desk that threat actors are exploiting to allow them to execute code remotely....more
The healthcare ecosystem has closed the book on a volatile 2025, and HIPAA enforcement has moved into 2026 with sharper edges, wider apertures, and higher stakes. Regulators spent 2025 refining the tools they use, broadening...more
On January 29, 2026, the Federal Communications Commission’s (“FCC” or the “Commission”) Public Safety and Homeland Security Bureau issued a Public Notice (DA 26-96) to highlight best practices that communications providers...more
Cybersecurity and data privacy provisions should be a central consideration whenever parties negotiate contracts involving third‑party service providers who will access or process business data. This applies across a broad...more
On November 17, 2025, Ontario’s Information and Privacy Commissioner (ON IPC) and Alberta’s Office of the Information and Privacy Commissioner (AB OIPC) each released their findings from their investigations into a...more
Cyber law and practice have continued to evolve over the past 12 months. New laws and regulations have been unveiled or come into force, while enforcement authorities have sharpened their focus on issues including board...more
Here are the five primary risk areas when a company uses AI in a supportive or assistance-based role as opposed to an algorithmic-based use case....more
From my perspective, hopefully a reasonable one, there is a little too much AI-Risk Hype. Not to belittle the experts or ignore potential risk concerns but this is getting a little carried away....more
The National Institute of Standards and Technology (NIST) recently released their initial preliminary draft of NIST IR 8596, also known as the Cybersecurity Framework Profile for Artificial Intelligence. This new...more
WHAT: The FedRAMP Program Management Office (PMO) has released a “final set” of proposed changes to the FedRAMP process for authorizing and assessing the security of cloud services for federal consumption. The final proposed...more
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
The European Supervisory Authorities (comprising the European Securities and Markets Authority, the European Insurance and Occupational Pensions Authority and the European Banking Authority) have entered into a Memorandum of...more
As organizations increasingly rely on third-party service providers (TPSPs) for critical services, including cloud computing, IT management, and fintech solutions, the scale and complexity of cyber risks have grown. A recent...more
The New York Department of Financial Services (“NYDFS”) implemented the final phases of amendments to its NYDFS Cybersecurity Regulation (23 NYCRR Part 500) in May and November....more
Recently, the NCUA published a list of resources aimed toward guiding credit unions implementing AI or partnering with AI third-party vendors. The publication noted that while AI presented significant opportunities for...more
As we have discussed in prior posts, AI-enabled smart glasses are rapidly evolving from niche wearables into powerful tools with broad workplace appeal — but their innovative capabilities bring equally significant legal and...more
Recent draft cybersecurity guidance from the National Institute of Standards and Technology (NIST) provides an opportunity for government contractors who provide IT services to federal agencies to weigh in on implementation...more
With the news that over 70% of S&P 500 companies provide some sort of AI-related risk factors in their SEC disclosures, it’s a good time to review the type of risk factors that you might want to consider – of course,...more
On December 22, the National Credit Union Administration (NCUA) updated its Artificial Intelligence (AI) resource page to consolidate key technical and policy references for federally insured credit unions. The page sits...more
The First Circuit recently affirmed a District of Massachusetts decision granting summary judgment in litigation arising from a 2018 data breach involving protected health information (PHI). In Axis Insurance Co. v. Barracuda...more
A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business...more
While 2025 may have brought questions about the level of enforcement we would see from federal regulators, there was no question that state regulators would continue to be active, especially in the financial privacy space....more
Financial regulators including the Securities and Exchange Commission (“SEC”) continued to focus on data protection and cybersecurity issues throughout 2025....more
Each year, there is a holiday surge in cyberattacks employing a wide range of attack vectors. This heightened activity can make organizations more vulnerable to legal and regulatory scrutiny. This is a good time to check your...more
700Credit, a Michigan-based company that runs credit checks and identification verification services for automobile dealerships nationwide, has announced that an “integrated partner” was compromised, allowing a bad actor to...more