Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On November 17, 2025, Ontario’s Information and Privacy Commissioner (ON IPC) and Alberta’s Office of the Information and Privacy Commissioner (AB OIPC) each released their findings from their investigations into a...more
As organizations increasingly rely on third-party service providers (TPSPs) for critical services, including cloud computing, IT management, and fintech solutions, the scale and complexity of cyber risks have grown. A recent...more
In this episode of The Good Bot, Brett Mason sits down with Leigh Zeiser, director of AI and automation at Troutman Pepper Locke, to unpack how the firm operationalizes AI responsibly. They discuss the firm's AI portfolio —...more
Proactive planning and governance from both clients and vendors are essential to manage software sunsetting effectively....more
On December 22, the National Credit Union Administration (NCUA) updated its Artificial Intelligence (AI) resource page to consolidate key technical and policy references for federally insured credit unions. The page sits...more
The Basel Committee on Banking Supervision (BCBS) has published its principles for the sound management of third‑party risk, replacing the 2005 Joint Forum outsourcing paper and establishing a common baseline for banks and...more
The SEC's 2024 amendments to Regulation S-P introduce the most comprehensive update to federal privacy and data security standards for SEC-regulated institutions since the rule was adopted. While the amendments are directed...more
In the midst of nonprofits’ discovery of GoFundMe’s creation of donation pages for approximately 1.4 million nonprofit organizations without their consent or knowledge , another online fundraising platform for nonprofits has...more
Over the last weekend, major media reported that a key financial services provider, SitusAMC, suffered a substantial data security incident. This Alert summarizes what we know so far, the possible legal implications, and some...more
In this article we do a deep dive on key legal issues when buying a software business in Australia. Whether the business offers ‘traditional’ (on-premise) software, software as a service (SaaS, or other as-a-service models)...more
On October 20, 2025, FERC Staff issued a report outlining areas of risk to the reliability of the electric grid based on non-public Critical Infrastructure Protection (CIP) Audits of U.S. based North American Electric...more
Organizations that rely on third-party vendors for critical operations face unique challenges in managing vendor risks. These external relationships are essential for operational success, but can also create vulnerabilities...more
Covered Entities should expect heightened supervisory focus on relationships where third party service providers (TPSPs) access systems or handle non-public information (NPI). On October 21, the New York State Department of...more
Ed. Note: This is the fifth article in our series, “Conjuring Competitive Advantage: An AI Spellbook for Leaders,” focused on unlocking AI for business with practical steps and insights. Read Part 1, Part 2, Part 3, and Part...more
On October 21, 2025, the New York State Department of Financial Services (NYDFS) issued an industry letter highlighting risks associated with third-party service providers – such as providers of cloud computing, file transfer...more
The New York Department of Financial Services (NYDFS) issued an industry letter titled “Guidance on Managing Risks Related to Third-Party Service Providers” (Guidance) for Covered Entities engaging third-party service...more
With Giving Tuesday quickly approaching on December 2, 2025, nonprofits are alarmed to discover that GoFundMe, an online for-profit fundraising platform, had created donation pages for approximately 1.4 million nonprofit...more
On October 21, the NYDFS issued new cybersecurity guidance addressing the growing risks associated with regulated entities’ reliance on third-party service providers (TPSPs). The guidance clarifies compliance obligations...more
On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS...more
The New York Department of Financial Services (NYDFS) just sent a stark reminder to covered entities (which includes financial institutions, insurance companies, and any other businesses regulated by the NYDFS) that they are...more
Leaders charged with safeguarding data privacy and cybersecurity often assume that size equates to security—that large, well-resourced organizations must have airtight defenses against cyberattacks and data breaches. It’s a...more
Last week it came to light that the victims of two of the UK’s most high-profile recent data breaches — the Co-operative Group and Jaguar Land Rover — did not have cyber insurance in place. As a result, the companies will...more
Data breaches are increasing in frequency and cost for U.S. corporations, and businesses in the supply chain are often prime targets for bad actors. It’s critical for suppliers to understand the risk and costs of data...more
Question: The use of AI tools without formal approval from a company (referred to as “Shadow AI”) is increasing. What are the risks and how should companies respond? Answer: Employees across industries are quietly...more
In a world with increasingly interconnected companies, vendors, suppliers, logistics partners, and cloud services providers, Third-Party Risk Management (TPRM) has advanced from being an annual checklist exercise to a...more