DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
As summarized in our prior article on this topic, individual coverage health reimbursement arrangements (ICHRAs) are gaining popularity and constituting a larger part of the overall employer-provided health coverage market. ...more
Welcome to the latest issue of Bracewell’s FINRA Facts and Trends, a monthly newsletter devoted to condensing and digesting recent FINRA developments in the areas of enforcement, regulation and dispute resolution. This month,...more
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of...more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
The sheer proliferation of supply chain transparency and accountability regulations at international scale itself warrants a closer look at the level of scrutiny required of organizations with complex, multi-faceted, global,...more
Strategies for Mitigating Unseen Threats and Managing 4th- and Nth-Party Risk in Your Modern Business. Organizations today have transitioned from using on-site server rooms to relying on third-party services and cloud...more
On June 6, 2023, the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. (collectively, the “Agencies”) issued final interagency guidance that...more
Most people know what a deepfake is but have not put much thought into how it could affect business operations. Deepfakes are videos, pictures, or audio that have been convincingly manipulated to misrepresent a person saying...more
As we explained in our last post, managing ediscovery in the cloud is the only viable solution for dealing with the massive amount of electronic data involved in litigation today. Nextpoint has been an advocate for...more
On October 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed a new Rule 206(4)-11 and amendments to Rule 204-2 under the U.S. Investment Advisers Act of 1940 (Advisers Act), as well as amendments to Form...more
On October 26, 2022, the Securities and Exchange Commission (SEC) proposed new Rule 206(4)-11 under the Investment Advisers Act of 1940 (Advisers Act), which would prohibit SEC-registered investment advisers from outsourcing...more
On October 26, 2022, the US Securities and Exchange Commission (SEC) proposed a new rule and rule amendments under the Investment Advisors Act that, if passed, would prohibit registered investment advisors from outsourcing...more
In this third post of our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on contractual requirements. (Visit here for information about...more
The task of conducting due diligence in the selection of technology vendors is a critical component of the lawyer’s ethical obligation to maintain reasonable security over client confidential information. However, for several...more
The Telephone Consumer Protection Act (TCPA) poses a constant threat to companies that wish to communicate with existing and prospective customers because the statute imposes strict liability on companies that call or text...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Key Takeaways: ..On August 13, 2021, FINRA issued Regulatory Notice 21-29 (“RN 21-29”) to remind member firms that they must establish and maintain an adequate supervisory system, including written supervisory procedures...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
On July 13, the Federal Reserve, FDIC, and OCC proposed risk management guidance to help banking organizations manage risks related to third-party relationships, including relationships with vendors, FinTech companies,...more
Learning Objectives: - Develop greater understanding of the main US trade restrictions on China and Russia - Gain familiarity into key compliance issues under current restrictions, including related to exports, supply...more
We previously reported that the Connecticut Insurance Department had issued Bulletin IC-42 to all licensees, providing guidance for compliance with the State's Insurance Data Security Law (the Act). However, in light of the...more
The Consumer Financial Protection Bureau's Compliance Bulletin and Policy Guidance; 2016-02, Service Providers addresses the CFPB's expectation that companies oversee their business relationships with service providers in a...more
Are you about to sign a service agreement with a third-party service provider under which it will access and use technology of your company? Have you checked your applicable third-party contracts to see if you need any...more