DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
On January 28, 2025, FINRA published its Annual Regulatory Oversight Report (the Report). The Report highlights emerging risk areas and recent developments, common compliance deficiencies, and best practices for member firms....more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
Crafting an AI Governance policy best suited for your business requires careful consideration of the types of AI, how AI will be used, current and future legislation, and a group of individuals specifically designated to...more
The adoption of artificial intelligence (AI) in healthcare has ushered in a new era of innovation that is transforming diagnostics, treatment planning and operational efficiencies. However, with great potential comes...more
It is no secret that ransomware dominates headlines, and cybersecurity incidents have become part of our everyday language. However, the criminal “business model” behind ransomware keeps evolving. Originally published in...more
The FCA, PRA, and Bank of England have published their finalised critical third party (CTP) rules (and accompanying guidance) in PS24/16 Operational resilience: Critical third parties to the UK financial sector....more
The new regime will take effect on 1 January 2025, but will not diminish the responsibilities of financial services firms relying on the services of critical third parties....more
In the aftermath of a vendor's hack that crippled an industry, ensure your business is up to date on best practices for mitigating the risks of third-party cyber incidents. Many businesses struggle to adequately consider the...more
All lawyers understand that they have an ethical obligation to protect client confidential information from prying eyes, whether in a locked file cabinet, on a cloud storage device, or passing through the networks of...more
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...more
Third-party relationships supporting core operations are now more important than ever for most organizations. Yet too often, procurement, information security, compliance, and other professionals are overburdened with the...more
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...more
The use of tracking technologies on websites and mobile applications (e.g., cookies) has become largely ubiquitous in our technology-driven world. Health care providers and organizations, for example, may use tracking...more
On February 15, Federal Reserve Board Governor Michelle W. Bowman delivered remarks at the Midwest Cyber Workshop, during which she discussed topics related to third-party service provider reliance and regulatory expectations...more
Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to think of the cyber issue as relevant to digital communications and...more
Financial services firms are increasingly reliant upon third-party companies to provide important services, ranging from cloud services and data analytics to machine learning and cash distribution. As these third parties...more
The task of conducting due diligence in the selection of technology vendors is a critical component of the lawyer’s ethical obligation to maintain reasonable security over client confidential information. However, for several...more
The Black Shadow hacking group’s attack on Cyberserve, reported a few days ago, has resulted (at this point in time) in the leaking of a database with more than 800,000 records pertaining to various individuals and the...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more
As we now enter the third quarter of our discontent with the Coronavirus worldwide pandemic, one thing is very clear: Centralized vendor risk management is imploding....more
The California Consumer Privacy Act became effective on Jan. 1. Included among its provisions is the grant of a private right of action on behalf of any consumer “whose nonencrypted and nonredacted personal information…is...more