DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....more
Welcome to the latest issue of Bracewell’s FINRA Facts and Trends, a monthly newsletter devoted to condensing and digesting recent FINRA developments in the areas of enforcement, regulation and dispute resolution. This month,...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
We are pleased to present our annual End of Year Plan Sponsor “To Do” Lists. This year, we present our “To Do” Lists in four separate SW Benefits Updates. This Part 1 covers year-end health and welfare plan issues. Parts 2,...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
by Becky Achten New guidance from the Employee Benefits Security Administration (EBSA) affirms that both sides—retirement plans and welfare plans—must take steps to secure participant data from cybercrime. In 2021 the...more
A recently announced settlement with online alcohol addiction treatment service Monument Inc. demonstrates the Federal Trade Commission’s (FTC) continued focus on the use and disclosure of health data. The proposed settlement...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
In today's evolving world of security and data privacy, K-12 schools, universities, local governments, and hospitals are increasingly finding themselves on the same list: vulnerable to the threat of a cyberattack....more
Examining AI tools: Before deciding to purchase and implement AI tools in an organization, one must consider various aspects, including privacy issues, discrimination, copyright protection, and suppliers and contracts. The...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
On July 26, 2023, the US Securities and Exchange Commission (SEC) released final rules requiring disclosure by public companies of material cybersecurity incidents and policies and procedures related to cybersecurity risk...more
Most people know what a deepfake is but have not put much thought into how it could affect business operations. Deepfakes are videos, pictures, or audio that have been convincingly manipulated to misrepresent a person saying...more
The SEC continued its recent onslaught of proposed cybersecurity rules in mid-March with three new proposals covering a litany of entities, including investment advisers, broker-dealers, investment companies, clearing...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Key Takeaways: ..On August 13, 2021, FINRA issued Regulatory Notice 21-29 (“RN 21-29”) to remind member firms that they must establish and maintain an adequate supervisory system, including written supervisory procedures...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
The pandemic year of 2020 presented FDA with many enormous challenges, including how to use emergency authorizations to approve diagnostic tests, personal protective equipment, and therapies, how to conduct remote...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more