Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Cyber law and practice have continued to evolve over the past 12 months. New laws and regulations have been unveiled or come into force, while enforcement authorities have sharpened their focus on issues including board...more
The National Institute of Standards and Technology (NIST) recently released their initial preliminary draft of NIST IR 8596, also known as the Cybersecurity Framework Profile for Artificial Intelligence. This new...more
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business...more
Financial regulators including the Securities and Exchange Commission (“SEC”) continued to focus on data protection and cybersecurity issues throughout 2025....more
Each year, there is a holiday surge in cyberattacks employing a wide range of attack vectors. This heightened activity can make organizations more vulnerable to legal and regulatory scrutiny. This is a good time to check your...more
Last month, the U.S. Securities and Exchange Commission (SEC) Division of Examinations released its Fiscal Year 2026 “Examination Priorities.” In this year’s release, the SEC announced that it will begin examining covered...more
The Cyberspace Administration of China (the "CAC") released the Measures on the Management of Cybersecurity Incident Reporting (the "Incident Reporting Measures") which came into force on 1 November 2025. The Measures provide...more
The holiday season is a time of celebration, but it’s also a prime opportunity for cyber threat actors. With many employees on leave and organizations operating with reduced staffing, malicious activity can go unnoticed....more
The Morrison Foerster Data, Cyber + Privacy team provides creative, practical advice across every stage of the information lifecycle, from navigating complex privacy laws and managing breach response to litigating data...more
The almost daily prevalence of cyber-attacks has brought the issue of cybersecurity as a core governance responsibility to the front of mind of company boards. In 2024 alone, over 15 million cyberattacks were recorded...more
On October 21, 2025, the New York Department of Financial Services ("NYDFS") sent a letter to the executives and information security personnel at covered entities with new guidance for managing technology and data risks...more
On November 17, the SEC’s Division of Examinations published its 2026 examination priorities, outlining key areas of regulatory focus for the upcoming year. ...more
Recently, major media reported that a key financial services provider, SitusAMC, suffered a substantial data security incident. This Alert summarizes what we know so far, the possible legal implications, and some action items...more
The deadline for “Larger Entities” to comply with the new data privacy and security requirements in the amendments to Regulation S-P is December 3, 2025. As we have detailed previously, the U.S. Securities and Exchange...more
In May 2024, the Securities and Exchange Commission (SEC) adopted significant amendments to Regulation S-P (the “Amendments”). These Amendments expand requirements related to safeguarding customer information, incident...more
When cyberattacks strike global giants, it’s front-page news. But what about the smaller breaches -- the ones that don’t make headlines? Increasingly, they’re making waves in courtrooms and regulatory enforcement agencies. ...more
This article examines how cybersecurity teams can leverage AI and LLM technologies like Microsoft Copilot and Open WebUI while managing associated security risks through proper logging and monitoring practices. It provides...more
As 2025 comes to an end, there have been some valuable cybersecurity lessons for businesses. These involve vendor oversight, internal coordination, and incident response plans. Businesses should vow to address them in 2026 if...more
Another type of cyber attack. Operations for Japan-based beverage giant Asahi Group Holdings recently shut down after a cyberattack, causing a ripple effect that extended far beyond its breweries. The incident forced...more
Data breaches occur when an unauthorized individual or entity gains access to confidential or protected information. This information may include personal data such as Social Security numbers or medical records, financial...more
The U.S. Securities and Exchange Commission's (SEC's) May 2024 amendments to Regulation S-P established concrete, near-term compliance deadlines for registered investment advisers (RIAs) to adopt, implement, and maintain...more
On October 21, 2025, the New York State Department of Financial Services (NYDFS) issued an industry letter highlighting risks associated with third-party service providers – such as providers of cloud computing, file transfer...more
On the Rise: Cyberattacks through the supply chain have increased by over 400% in recent years. Leaders need to take action. Enhance Third-Party Cybersecurity: Regularly audit suppliers’ cybersecurity practices and limit...more
The New York Department of Financial Services (NYDFS) issued an industry letter titled “Guidance on Managing Risks Related to Third-Party Service Providers” (Guidance) for Covered Entities engaging third-party service...more