Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
Hot Topics in International Trade - Let's Be Serious-Supply Chain Audits
Workplace ICE Raids Are Surging—Here’s How Employers Can Prepare - #WorkforceWednesday® - Employment Law This Week®
REFRESH Five Tax Traps for Business Lawyers Advising Nonprofit Organizations
Hospice Insights Podcast - Hospice Audit Updates: David Beats Goliath
Compliance Tip of the Day: Middle Managers as the Eyes and Ears of Compliance
Episode 365 -- Four Sanctions Cases Everyone Should Know
UPIC Audits
Compliance Tip of the Day: The role of Compliance in Auditing AI
California Employment News: Taking Advantage of the PAGA Reform – How Employers Can Lower Their Risk of PAGA Liability
Auditing Your Hotline and Case Management System
Hospice Insights Podcast - Controlling the Narrative: A New Tactic for Auditors and ALJs
Improving Your Code of Conduct
Now Is the Time to Conduct I-9 Audits: What's the Tea in L&E?
Preparing for — and Surviving — an OFCCP Audit
Hospice Insights Podcast - Meet the New Laws, Same as the Old Laws: Overpayment Recoupment Update
As we navigate through 2025, the European legal landscape is undergoing a significant transformation, particularly in the realms of artificial intelligence (AI) regulation and data sovereignty. These changes are reshaping how...more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
The Measures outline requirements and procedures for self-initiated and regulator-mandated compliance audits from May 1, 2025....more
Are you tasked with compliance management on a small team or for a smaller organization? Compliance professionals who manage programs for smaller organizations or with limited teams can face unique, sometimes daunting,...more
On 14 February 2025, the Cyberspace Administration of China (“CAC”) issued the “Administrative Measures for Personal Information Protection Compliance Audits” (the "Measures"), which will take effect on 1 May 2025. The...more
This monthly report outlines key developments in China’s data protection sector for March. The following events merit special attention...more
The PRC Personal Information Protection Law (PIPL) mandates regular data compliance audits. Following a consultation period beginning in August 3, 2023, the Cyberspace Administration of China (CAC) issued the Measures for...more
In the high-stakes world of legal due diligence, the security and confidentiality of sensitive information are paramount. With the increasing volume of electronically stored information (ESI) and the complexity of modern...more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more
In 2024, the U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) Director Melanie Fontes Rainer announced that OCR will resume auditing Health Information Portability and Accountability Act (“HIPAA”)...more
The financial services sector in the Channel Islands has seen the publication of a report by MONEYVAL, a proposal to increase administrative penalties and the release of two public statements. The Bailiwick gambling...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
On February 28, 2024, President Biden signed Executive Order 14117 (the EO), on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The United...more
If you have a tendency to reuse the same password across multiple accounts, you could be leaving yourself (and your organization) exposed to risk. Credential stuffing, the stealthy technique fueling a recent explosion of...more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, The CNIL announced its four main areas of focus for...more
The EDPB launched a website auditing tool to help legal and technical auditors at data protection authorities check whether websites are compliant with the law on 29 January 2024. Controllers and processors can also use the...more
The ever-increasing privacy and security risks via third-party vendors and service providers were apparent in 2023 with news of large organizations such as MOVEit, Okta and AT&T being affected. Research has shown that 98...more
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024. 1. AI regulations to protect data privacy. Automated decision-making tools, smart cameras, wearables,...more
The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming...more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law. In the U.S.,...more