DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
With under six months to go until the European Union Digital Operational Resilience Act (DORA) becomes applicable on 17 January 2025, DORA implementation projects are running full steam ahead. DORA lays down uniform...more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
The questions below are intended to help in-house counsel obtain the most important information related to technology projects so they can evaluate risks to the company’s data, intellectual property, and commercial interests,...more
In mid-December the European Union (EU) enacted new legislation aiming at harmonizing, and tightening, information technology (IT) security rules in the financial sector: Regulation (EU) 2022/2554 on digital operational...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
In a blog post entitled “New activity from Russian actor Nobelium,” Microsoft’s V.P. of Customer Security & Trust Tom Burt discussed a recent alert issued by the Microsoft Threat Intelligence Center (MSTIC) regarding the...more
The CFPB updated its Supervision and Examination Manual by adding a new section titled Compliance Management Review – Information Technology. The new examination procedures are meant to assist CFPB examiners when assessing...more
I have written multiple times about the danger of disruptionware to both Information Technology (IT) networks as well as Operational Technologies (OT) networks of victims globally. As discussed here, many different nefarious...more
As defined by Gartner, Shadow IT refers to IT devices, software and services outside the ownership or control of information technology (IT) organizations. These are any IT projects that are managed outside of – and...more
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
Modern business requires the engagement of professional services providers, such as IT services, marketing, software, data hosting, or other needed services. Far too often, though, the agreements governing these relationships...more
Planning for a change in service providers can sometimes feel like a logistical nightmare, but with proper planning and a long-term outlook, you can ward off operational issues that may arise during the process of...more
One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case,...more
Earlier this month, our Immigration Group colleagues reported the Department of Homeland Security (DHS) would release a new regulation to expand the collection of biometric data in the enforcement and administration of...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more
What kinds of cloud computing transactions take place in your jurisdiction? As a G7 economy with mature IT and related services markets, the UK is one of the most important global markets for cloud computing. According to...more
“To err is human,” but in an industry as seemingly driven by precision as eDiscovery, errors are all too common. Yes, mistakes are going to happen. Which is why we can fall back on processes and procedures to ensure that even...more
Admittedly, I’m not the biggest sports buff. However, when I moved to Kansas City four years ago, what my family and I realized is that you can’t help not be a fan of the Royals, Chiefs, Jay Hawks, and Sporting! Everyone in...more
Technology outsourcing by financial institutions (FIs) has increased in recent years as FIs look to the latest innovations to improve their day-to-day business processes and to reduce costs. FIs outsource key functions to a...more