Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
8/14/2025
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Information Security ,
Policies and Procedures ,
Privacy Policy ,
Ransomware ,
Risk Management ,
WISP
It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant...more
7/30/2025
/ Artificial Intelligence ,
Benefit Plan Sponsors ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Investment ,
Investment Management ,
Retirement Plan ,
Risk Management ,
Transparency ,
Vendors
On July 23, 2025, the White House released America’s AI Action Plan, a comprehensive national strategy designed to strengthen the United States’ position in artificial intelligence through investment in innovation,...more
7/25/2025
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Funding ,
Government Agencies ,
Infrastructure ,
Innovation ,
Internal Revenue Code (IRC) ,
Investment ,
National Security ,
Popular ,
Regulatory Reform ,
Reimbursements ,
Technology ,
Training ,
Trump Administration
To say mergers and acquisitions present significant risk is an understatement; however, additional vulnerabilities are being exposed as bad actors threaten to exploit privacy and data security leaks during the transition. ...more
7/24/2025
/ Acquisitions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Merger Agreements ,
Mergers ,
Personal Data ,
Risk Management
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
7/7/2025
/ Collection Agencies ,
Consumer Information ,
Credit Unions ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
New Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
WISP
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like...more
6/24/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Liability ,
New Legislation ,
Personal Data ,
Punitive Damages ,
Risk Management ,
Safe Harbors ,
Small Business ,
State Privacy Laws ,
Texas
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more
6/11/2025
/ Best Practices ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Employees ,
FinTech ,
Former Employee ,
Hiring & Firing ,
Information Technology ,
Insider Information ,
NIST ,
Risk Assessment ,
Risk Management
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
6/9/2025
/ Algorithms ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Employee Monitoring ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Surveillance ,
Technology
In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive...more
1/21/2025
/ Confidential Information ,
Confidentiality Agreements ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Former Employee ,
Intellectual Property Protection ,
Personal Data ,
Personal Information ,
Restrictive Covenants ,
Risk Management ,
Sensitive Business Information ,
Trade Secrets ,
UTSA
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
1/13/2025
/ Compliance ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Identity Theft ,
Incident Response Plans ,
Information Technology ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
School Districts ,
State Privacy Laws ,
Vendors
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
1/9/2025
/ Artificial Intelligence ,
Biometric Information ,
Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Deep Fake ,
FBI ,
Fraud ,
Identity Theft ,
Know Your Customers ,
Multi-Factor Authentication ,
Phishing Scams ,
Risk Management ,
Secret Service ,
Social Engineering
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s...more
4/11/2024
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Genetic Testing ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Ransomware ,
Tracking Systems
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024.
1. AI regulations to protect data privacy.
Automated decision-making tools, smart cameras, wearables,...more
1/29/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
Biometric Information Privacy Act ,
Class Action ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Popular ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
Web Tracking
The Association of Corporate Counsel and Major, Lindsey & Africa recently released their 2023 Law Department Management Benchmarking Report (Report) which tracks key trends in law department financial and operational data....more
On May 27, 2023, Texas’ Governor signed Senate Bill 768 amending Texas’ data breach notification law. The law in question, Section 521.053 of the Texas Business and Commerce Code, sets out the specific requirements any person...more
The Federal Trade Commission updated its “Standards for Safeguarding Customer Information” (“Safeguards Rule”) and extended the compliance deadline to June 9, 2023. Some entities still may be wondering – “Do these regulations...more
On August 11, 2022, the Federal Trade Commission (FTC) announced proposed rulemaking pertaining to “commercial surveillance and lax data security.” However, the overall focus of the potential rulemaking is consumer privacy...more
While the federal government attempts to move forward with a more uniform national law, Connecticut joined California, Colorado, Utah, and Virginia in passing a comprehensive consumer privacy law....more
Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for...more
1/13/2022
/ Biometric Information Privacy Act ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Retention ,
Data Security ,
Data Storage ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Multi-Factor Authentication ,
Third-Party
By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way – a posting of best practices on the agency’s...more
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Abbott ,
Notification Requirements ,
State Attorneys General ,
State Data Breach Notification Statutes