DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
On July 26, 2023, the US Securities and Exchange Commission (SEC) released final rules requiring disclosure by public companies of material cybersecurity incidents and policies and procedures related to cybersecurity risk...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
Recently, the Federal Reserve Board (Fed) published its annual Cybersecurity and Financial System Resilience report describing measures it has taken to strengthen cybersecurity in the financial services sector, including the...more
Following closely on its proposal for substantial new cybersecurity requirements for investment advisers and registered investment companies, the Securities and Exchange Commission (SEC) unveiled a new slate of proposed...more
The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law...more
Is this a Start of Something New for Third-Party Management? The demand for responsible cybersecurity in business is ubiquitous. The need to protect information is not limited to the financial services, insurance and...more
CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of...more
The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...more
The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more
The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more
On Aug. 11, 2015, federal prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against nine individuals in the U.S. and Ukraine who were allegedly involved in a five-year,...more