Legal AI in Practice: Firm Governance, Build vs. Buy Decisions, and Vendor Due Diligence — The Good Bot Podcast
Point-of-Sale Finance Series: Understanding State Licensing for Nonbank Providers — The Consumer Finance Podcast
(Podcast) The Briefing - Studios Beware: The Danger of the Beauty and the Beast Copyright Decision
Innovation in Compliance: Brad Stevens: Part 1 - Transforming Outsource Perceptions
Podcast — EU Data Act: Spotlight on Switching Requirements for Data Processing Services
Compliance into the Weeds: Fracht - The Bonkers Sanctions Case
DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies....more
As we have discussed in prior posts, AI-enabled smart glasses are rapidly evolving from niche wearables into powerful tools with broad workplace appeal — but their innovative capabilities bring equally significant legal and...more
In this episode of The Good Bot, Brett Mason sits down with Leigh Zeiser, director of AI and automation at Troutman Pepper Locke, to unpack how the firm operationalizes AI responsibly. They discuss the firm's AI portfolio —...more
A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business...more
The Financial Industry Regulatory Authority’s (FINRA) 2026 Annual Regulatory Oversight Report is the most current and comprehensive statement of FINRA’s priorities and expectations for member firms. It does not create new...more
The Morrison Foerster Data, Cyber + Privacy team provides creative, practical advice across every stage of the information lifecycle, from navigating complex privacy laws and managing breach response to litigating data...more
SERC’ling Up is your resource for staying ahead in today’s fast-evolving financial landscape. This newsletter delivers perspectives on the latest enforcement trends, regulatory updates and high-stakes developments affecting...more
Ask any board if AI is on the agenda, and the answer is yes. Ask how confident they feel about their vendors’ use of AI, and the answer is less clear....more
A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data...more
Recently, major media reported that a key financial services provider, SitusAMC, suffered a substantial data security incident. This Alert summarizes what we know so far, the possible legal implications, and some action items...more
Another type of cyber attack. Operations for Japan-based beverage giant Asahi Group Holdings recently shut down after a cyberattack, causing a ripple effect that extended far beyond its breweries. The incident forced...more
Data breaches occur when an unauthorized individual or entity gains access to confidential or protected information. This information may include personal data such as Social Security numbers or medical records, financial...more
In Celonis SE v. SAP SE, a federal court ruled that Celonis could proceed with its claim alleging SAP monopolized a standalone “data access” aftermarket, potentially paving the way for monopolization theories focused on acts...more
On October 21, 2025, the New York State Department of Financial Services (NYDFS) issued an industry letter highlighting risks associated with third-party service providers – such as providers of cloud computing, file transfer...more
On the Rise: Cyberattacks through the supply chain have increased by over 400% in recent years. Leaders need to take action. Enhance Third-Party Cybersecurity: Regularly audit suppliers’ cybersecurity practices and limit...more
The New York Department of Financial Services (NYDFS) just sent a stark reminder to covered entities (which includes financial institutions, insurance companies, and any other businesses regulated by the NYDFS) that they are...more
The Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P in May 2024, significantly expanding privacy, data security and breach notification obligations for “covered institutions,” which includes...more
A new cyber threat, the "Shai-Hulud" worm, has compromised the Node Package Manager (npm) ecosystem, which is widely used by organizations for JavaScript development. This attack has resulted in widespread theft of...more
The Salesloft Drift breach that unfolded between August 8 and 18, 2025, represents one of the most significant supply chain attacks targeting Software-as-a-Service (SaaS) platforms in recent years. This sophisticated...more
Threat actors stole authentication tokens for Salesloft Drift, a popular marketing automation tool, leading to widespread data exfiltration from Salesforce customer instances that occurred mostly between August 8 and 18,...more
Salesloft issued a security notification on August 26 regarding its Drift application. It appears to be a broad opportunistic attack on Salesloft/Drift instances integrated with Salesforce tenants. Salesloft issued updates...more
On July 30, 2025, a wine producer was sued in connection with a cyberattack that allegedly compromised the data of at least 26,000 customers. Among other things, the complaint alleges that the company failed to implement...more
The rapid evolution of digital technologies has ushered in a new era for the legal profession—one characterized by both unprecedented promise and intricate new hazards. As practitioners and clients alike become more reliant...more
Cybersecurity is now a core element of legal, regulatory, and business risk management. In Latin America and the Caribbean, organizations face mounting pressure to demonstrate proactive compliance with evolving data...more
On July 31, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an exemptive order in coordination with the Board of Governors of the Federal Reserve System (the “Fed”) that allows...more