Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Cybersecurity and data privacy provisions should be a central consideration whenever parties negotiate contracts involving third‑party service providers who will access or process business data. This applies across a broad...more
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
As we have discussed in prior posts, AI-enabled smart glasses are rapidly evolving from niche wearables into powerful tools with broad workplace appeal — but their innovative capabilities bring equally significant legal and...more
The First Circuit recently affirmed a District of Massachusetts decision granting summary judgment in litigation arising from a 2018 data breach involving protected health information (PHI). In Axis Insurance Co. v. Barracuda...more
A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business...more
Financial regulators including the Securities and Exchange Commission (“SEC”) continued to focus on data protection and cybersecurity issues throughout 2025....more
700Credit, a Michigan-based company that runs credit checks and identification verification services for automobile dealerships nationwide, has announced that an “integrated partner” was compromised, allowing a bad actor to...more
Last month, the U.S. Securities and Exchange Commission (SEC) Division of Examinations released its Fiscal Year 2026 “Examination Priorities.” In this year’s release, the SEC announced that it will begin examining covered...more
The Cyberspace Administration of China (the "CAC") released the Measures on the Management of Cybersecurity Incident Reporting (the "Incident Reporting Measures") which came into force on 1 November 2025. The Measures provide...more
The SEC's 2024 amendments to Regulation S-P introduce the most comprehensive update to federal privacy and data security standards for SEC-regulated institutions since the rule was adopted. While the amendments are directed...more
A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data...more
Recently, major media reported that a key financial services provider, SitusAMC, suffered a substantial data security incident. This Alert summarizes what we know so far, the possible legal implications, and some action items...more
The deadline for “Larger Entities” to comply with the new data privacy and security requirements in the amendments to Regulation S-P is December 3, 2025. As we have detailed previously, the U.S. Securities and Exchange...more
In May 2024, the Securities and Exchange Commission (SEC) adopted significant amendments to Regulation S-P (the “Amendments”). These Amendments expand requirements related to safeguarding customer information, incident...more
When cyberattacks strike global giants, it’s front-page news. But what about the smaller breaches -- the ones that don’t make headlines? Increasingly, they’re making waves in courtrooms and regulatory enforcement agencies. ...more
As cybersecurity breaches grow more complex and frequent, regulators are increasingly focused on organizational compliance....more
Over the last weekend, major media reported that a key financial services provider, SitusAMC, suffered a substantial data security incident. This Alert summarizes what we know so far, the possible legal implications, and some...more
As 2025 comes to an end, there have been some valuable cybersecurity lessons for businesses. These involve vendor oversight, internal coordination, and incident response plans. Businesses should vow to address them in 2026 if...more
Another type of cyber attack. Operations for Japan-based beverage giant Asahi Group Holdings recently shut down after a cyberattack, causing a ripple effect that extended far beyond its breweries. The incident forced...more
Data breaches occur when an unauthorized individual or entity gains access to confidential or protected information. This information may include personal data such as Social Security numbers or medical records, financial...more
The U.S. Securities and Exchange Commission's (SEC's) May 2024 amendments to Regulation S-P established concrete, near-term compliance deadlines for registered investment advisers (RIAs) to adopt, implement, and maintain...more
In May 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P, requiring registered investment advisers (RIAs) to adopt written incident response program policies and procedures. ...more
The Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P in May 2024, significantly expanding privacy, data security and breach notification obligations for “covered institutions,” which includes...more
As artificial intelligence (AI) and data-driven decision-making become central to business operations, companies face a rapidly evolving landscape of cybersecurity and data privacy risk. Yet, many existing cyber insurance...more
Key Takeaways - Two recent data breach class action settlements involving third party administrators and their insurer co-defendants have resulted in nearly $20 million in combined payments....more