Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
The healthcare ecosystem has closed the book on a volatile 2025, and HIPAA enforcement has moved into 2026 with sharper edges, wider apertures, and higher stakes. Regulators spent 2025 refining the tools they use, broadening...more
Today I left the house again. I thought my life would be simple, maybe settle into a spreadsheet and hang out for a while. Instead, I’m a frequent flyer in every modern organization. I have more passport stamps than a travel...more
Cybersecurity and data privacy provisions should be a central consideration whenever parties negotiate contracts involving third‑party service providers who will access or process business data. This applies across a broad...more
On November 17, 2025, Ontario’s Information and Privacy Commissioner (ON IPC) and Alberta’s Office of the Information and Privacy Commissioner (AB OIPC) each released their findings from their investigations into a...more
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
The New York Department of Financial Services (“NYDFS”) implemented the final phases of amendments to its NYDFS Cybersecurity Regulation (23 NYCRR Part 500) in May and November....more
Recently, the NCUA published a list of resources aimed toward guiding credit unions implementing AI or partnering with AI third-party vendors. The publication noted that while AI presented significant opportunities for...more
As we have discussed in prior posts, AI-enabled smart glasses are rapidly evolving from niche wearables into powerful tools with broad workplace appeal — but their innovative capabilities bring equally significant legal and...more
Artificial intelligence has quickly shifted from an innovative experiment to a core operational tool across industries. As business teams explore new AI service providers—ranging from automated analytics engines to...more
Recent draft cybersecurity guidance from the National Institute of Standards and Technology (NIST) provides an opportunity for government contractors who provide IT services to federal agencies to weigh in on implementation...more
On December 22, the National Credit Union Administration (NCUA) updated its Artificial Intelligence (AI) resource page to consolidate key technical and policy references for federally insured credit unions. The page sits...more
A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business...more
While 2025 may have brought questions about the level of enforcement we would see from federal regulators, there was no question that state regulators would continue to be active, especially in the financial privacy space....more
Financial regulators including the Securities and Exchange Commission (“SEC”) continued to focus on data protection and cybersecurity issues throughout 2025....more
Each year, there is a holiday surge in cyberattacks employing a wide range of attack vectors. This heightened activity can make organizations more vulnerable to legal and regulatory scrutiny. This is a good time to check your...more
700Credit, a Michigan-based company that runs credit checks and identification verification services for automobile dealerships nationwide, has announced that an “integrated partner” was compromised, allowing a bad actor to...more
Last month, the U.S. Securities and Exchange Commission (SEC) Division of Examinations released its Fiscal Year 2026 “Examination Priorities.” In this year’s release, the SEC announced that it will begin examining covered...more
The Cyberspace Administration of China (the "CAC") released the Measures on the Management of Cybersecurity Incident Reporting (the "Incident Reporting Measures") which came into force on 1 November 2025. The Measures provide...more
The Morrison Foerster Data, Cyber + Privacy team provides creative, practical advice across every stage of the information lifecycle, from navigating complex privacy laws and managing breach response to litigating data...more
The SEC's 2024 amendments to Regulation S-P introduce the most comprehensive update to federal privacy and data security standards for SEC-regulated institutions since the rule was adopted. While the amendments are directed...more
Le 5 novembre 2025, Affaires mondiales Canada a publié l’Avis aux exportateurs no 1159 (les « lignes directrices »), qui précise les situations où l’utilisation des services infonuagiques constitue une exportation de...more
On October 21, 2025, the New York Department of Financial Services ("NYDFS") sent a letter to the executives and information security personnel at covered entities with new guidance for managing technology and data risks...more
On November 17, the SEC’s Division of Examinations published its 2026 examination priorities, outlining key areas of regulatory focus for the upcoming year. ...more
A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data...more
Since the enactment of Singapore’s Cybersecurity Act 2018 (Cybersecurity Act), Singapore’s digital economy has grown rapidly, and cyber threats have evolved at a remarkable pace. To address this shifting landscape, the...more