It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant...more
7/30/2025
/ Artificial Intelligence ,
Benefit Plan Sponsors ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Investment ,
Investment Management ,
Retirement Plan ,
Risk Management ,
Transparency ,
Vendors
To say mergers and acquisitions present significant risk is an understatement; however, additional vulnerabilities are being exposed as bad actors threaten to exploit privacy and data security leaks during the transition. ...more
7/24/2025
/ Acquisitions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Merger Agreements ,
Mergers ,
Personal Data ,
Risk Management
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
7/7/2025
/ Collection Agencies ,
Consumer Information ,
Credit Unions ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
New Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
WISP
The Senate recently voting 99-1 to remove a 10-year moratorium on state regulation of AI says something about the impact of AI, but also its challenges.
A new MIT study, presented at the ACM Conference on Fairness,...more
For businesses subject to the California Consumer Privacy Act (CCPA), a compliance step often overlooked is the requirement to annually update the businesses online privacy policy. Under Cal. Civ. Code § 1798.130(a)(5),...more
6/26/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employee Monitoring ,
Human Resources Professionals ,
Location Data ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements ,
Risk Management ,
Technology ,
Third-Party
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like...more
6/24/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Liability ,
New Legislation ,
Personal Data ,
Punitive Damages ,
Risk Management ,
Safe Harbors ,
Small Business ,
State Privacy Laws ,
Texas
Artificial Intelligence (AI) is transforming businesses—automating tasks, powering analytics, and reshaping customer interactions. But like any powerful tool, AI is a double-edged sword. While some adopt AI for protection,...more
6/16/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Deep Fake ,
Fraud ,
Phishing Scams ,
Risk Management ,
Risk Mitigation ,
Supply Chain
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more
6/11/2025
/ Best Practices ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Employees ,
FinTech ,
Former Employee ,
Hiring & Firing ,
Information Technology ,
Insider Information ,
NIST ,
Risk Assessment ,
Risk Management
In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These...more
6/9/2025
/ Algorithms ,
Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Employee Monitoring ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Surveillance ,
Technology
On June 2, 2025, the U.S. Department of Labor (DOL) announced a significant expansion of its compliance assistance tools by launching an Opinion Letter Program across five key enforcement agencies, including the Employee...more
6/6/2025
/ Benefit Plan Sponsors ,
Compliance ,
Cybersecurity ,
Department of Labor (DOL) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary Duty ,
Information Letters ,
New Guidance ,
Opinion Letter ,
Regulatory Requirements ,
Retirement Plan ,
Risk Management ,
Transparency
In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more
On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more
3/24/2025
/ Business Associates ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Risk Management
According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including...more
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive...more
1/21/2025
/ Confidential Information ,
Confidentiality Agreements ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Former Employee ,
Intellectual Property Protection ,
Personal Data ,
Personal Information ,
Restrictive Covenants ,
Risk Management ,
Sensitive Business Information ,
Trade Secrets ,
UTSA
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
1/13/2025
/ Compliance ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Identity Theft ,
Incident Response Plans ,
Information Technology ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
School Districts ,
State Privacy Laws ,
Vendors
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
1/9/2025
/ Artificial Intelligence ,
Biometric Information ,
Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Deep Fake ,
FBI ,
Fraud ,
Identity Theft ,
Know Your Customers ,
Multi-Factor Authentication ,
Phishing Scams ,
Risk Management ,
Secret Service ,
Social Engineering
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws-
This year saw a...more
1/2/2025
/ Artificial Intelligence ,
Biometric Information ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Privacy Rights ,
Fair Credit Reporting Act (FCRA) ,
Personal Data ,
Privacy Laws ,
Retirement Plan ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Web Tracking
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)....more
12/5/2024
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Independent Contractors ,
OCR ,
Risk Management ,
Security Rule
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks....more
12/2/2024
/ AirBnB ,
Cybersecurity ,
Data Breach ,
Phishing Scams ,
Popular ,
Property Management Companies ,
Risk Management ,
Third-Party Service Provider ,
Vacation Rentals ,
Vendors ,
Websites
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
9/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fortune 500 ,
Governance Standards ,
Intellectual Property Protection ,
Machine Learning ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
A recent Forbes article summarizes a potentially problematic aspect of AI which highlights the importance of governance and the quality of data when training AI models. It is called “model collapse.” It turns out that over...more
While the craze over generative AI, ChatGPT, and the fear of employees in the professions landing on breadlines in the imminent future may have subsided a bit, many concerns remain about how best to use and manage AI. Of...more
Following laws enacted in jurisdictions such as Colorado, New York City, Tennessee, and the state’s own Artificial Intelligence Video Interview Act, on August 9, 2024, Illinois’ Governor signed House Bill (HB) 3773, also...more
8/14/2024
/ Artificial Intelligence ,
Audits ,
Bias ,
Corporate Counsel ,
Governor Pritzker ,
Hiring & Firing ,
Human Rights Act ,
Illinois ,
Machine Learning ,
Recruitment Policies ,
Risk Management ,
Transparency ,
Wage and Hour