DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks....more
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
In the aftermath of a vendor's hack that crippled an industry, ensure your business is up to date on best practices for mitigating the risks of third-party cyber incidents. Many businesses struggle to adequately consider the...more
Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of...more
CEP Magazine (October 2022) - A recent case reminded me of how easy it is to use shell companies to perpetrate fraud. A former associate general counsel who handled allegations of employee misconduct for a company created...more
Data breaches by large companies have been in the news for some time. Over the last several years several companies, including Marriott, Yahoo and Volkswagon, have been victimized by hackers who have broken into a company’s...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Wherever you look, it feels like cyberattacks are becoming increasingly common. Criminal hackers are making the headlines every day, stealing the personal information of millions of people, ranging from birthdays to Social...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
As we now enter the third quarter of our discontent with the Coronavirus worldwide pandemic, one thing is very clear: Centralized vendor risk management is imploding....more
Vendor Risk Management (VRM) featured heavily at the recent Mitratech Interact 2020 online conference. That’s not surprising, considering the rising concerns about the risks posed by vendor and supplier networks – and how...more
Among the many other hard lessons the COVID-19 pandemic has been teaching businesses, there’s this one: Vendor risk management has become even more complex than before. Frighteningly complex, in fact, making it even more...more
Vendor management is a complex task, yet a necessary undertaking for any organization dealing with third parties. ...more
Data breaches are a hot topic and will undoubtedly get even hotter. Cybersecurity for your own enterprise isn’t enough — you must evaluate your vendors and determine if they’re prepared to resist cyberattacks. ...more
The Securities and Exchange Commission (“SEC”) and Financial Industry Regulatory Authority (“FINRA”) recently issued guidance in connection with firms’ relationships with third-party service providers. These publications...more
“To err is human,” but in an industry as seemingly driven by precision as eDiscovery, errors are all too common. Yes, mistakes are going to happen. Which is why we can fall back on processes and procedures to ensure that even...more
Internal controls are a key tool to operationalize your third-party risk management program. The basic internal controls, that should be a part of any financial controls system. There were four significant controls the...more
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
You really do have to appreciate Wells Fargo & Co. Perhaps solely of the most recent spate of US corporate ethics scandals, it is the company that keeps giving and giving and giving. On the other hand, it may simply be that...more
This is the second installment in our interview with Steven Grossman, VP Strategy & Enablement at Bay Dynamics, the cyber risk analytics company. Here, Steven discusses the importance of aligning an institution’s risk...more
We are thrilled to bring you the third installment of Stinson Leonard Street's Emerging Trends newsletter. We are proud of the depth and breadth of experience and knowledge across our firm's 13 offices nationwide and are...more
On September 13, 2016, the New York State Department of Financial Services (DFS) proposed new rules that would require certain “Covered Entities” to establish and implement cybersecurity programs designed to protect nonpublic...more