DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as...more
The Departments of Labor, Health and Human Services, and the Treasury, with the Office of Personnel Management (the “Departments”) jointly released FAQs About Consolidated Appropriations Act, 2021 Implementation Part 69...more
On 13 December 2024, the FCA and the PRA published linked Consultation Papers on operational incident and third-party reporting (FCA CP24/28 and PRA CP17/24). The consultations aim to create a structured framework for...more
The European Supervisory Authorities have published a joint statement on the application of the EU Digital Operational Resilience Act. The ESAs emphasise that as DORA does not provide for a transitional period, it is...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
On October 3, 2024, the Financial Crimes Enforcement Network (FinCEN) issued new guidance concerning the Corporate Transparency Act (CTA) by updating and expanding on the Beneficial Ownership Information (BOI) Reporting...more
In this blog post, we will focus on obligations that the European Union’s Artificial Intelligence Act (AI Act) sets for deployers, providers, importers and distributors regarding high-risk AI systems....more
Share on Twitter Print Share by Email Share Back to top “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” Those were among the remarks that U.S. Securities and...more
In an evolving (and somewhat disjointed) process, FinCEN has been providing guidance to persons and entities that are responsible for filing required beneficial ownership information (“BOI”) reports to FinCEN, as well as to...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
El 29 de septiembre del 2023, FinCEN actualizó las preguntas frecuentes (“FAQs”) sobre los Reportes de Información sobre los Beneficiarios Reales (“BOI”), incluyendo orientación sobre el Identificador FinCEN. Las preguntas...more
On September 29, 2023, FinCEN updated the FAQs regarding Beneficial Ownership Information (BOI) Reporting, including guidance on the FinCEN identifier. The FinCEN’s BOI FAQs work in tandem with the FinCEN’s BOI Small...more
The UK Financial Conduct Authority (FCA) has assessed the systems and controls relating to sanctions compliance for over 90 firms across a range of sectors and summarised its findings of good and poor practice. Acknowledging...more
On Feb. 15, 2023, the U.S. Department of Education (Department) surprised the higher education community with a Dear Colleague Letter (DCL GEN-23-03) that sets forth new guidance on third-party servicers with whom...more
UPDATE: On April 11, the Department of Education (Department) published a blog post updating the latest Third-Party Services (TPS) Dear Colleague Letter (DCL) which was published on February 15, 2023 (updated February 28,...more
UPDATE: On February 28, 2023, the Department updated the Dear Colleague Letter issued February 15, 2023 to establish a future effective date for the guidance, extend the public comment period, and extend the reporting...more
Wednesday’s U.S. Department of Education Dear Colleague Letter announces an expanded Department interpretation of the definition of Third-Party Servicer to include a new array of vendors providing student recruiting and...more
Group health plans must comply with several new requirements set forth by the Consolidated Appropriations Act of 2021 (CAA) and the Transparency in Coverage regulations (TiC Regulations) under the Affordable Care Act (ACA). ...more
The U.S. Equal Employment Opportunity Commission (EEOC) recently announced its effort to modernize the agency’s EEO data collection by revising the procedures for professional employer organizations (PEOs), administrative...more
Under the Consolidated Appropriations Act, 2021 (the “CAA”), group health plans and health insurance issuers are required to submit certain information related to prescription drug and other health care spending to the...more
The Occupational Health and Safety Act (the OHS) was signed into law in 1970 and established the Occupational Health and Safety Administration (OSHA), as part of the U.S. Department of Labor. Under the so-called "general...more
The FDIC and OCC have issued new guidance for banks on heightened cybersecurity risks facing the financial services industry because of increased geopolitical tensions and threats of aggression. The guidance published on...more
Cryptocurrency owners must face death—be it their own, or that of anyone else with custody of the owner’s cryptocurrency or other digital assets. We received a stark reminder of this when the Canadian exchange QuadrigaCX...more
On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law...more
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more