News & Analysis as of July 25, 2025

Data Protection

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

McCarter & English Blog: Government Contracts... on 6/16/2025

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction...more

Key Considerations Before Negotiating Healthcare AI Vendor Contracts

Sheppard Mullin Richter & Hampton LLP on 3/24/2025

The integration of artificial intelligence (AI) tools in healthcare is revolutionizing the industry, bringing efficiencies to the practice of medicine and benefits to patients. However, the negotiation of third-party AI tools...more

Virginia Legislature Passes First AI Bill of 2025--Now Awaits Governor's Approval

Baker Botts L.L.P. on 3/5/2025

Virginia has become the first state in 2025 to pass comprehensive artificial intelligence regulation, with lawmakers approving the "High-Risk Artificial Intelligence Developer and Deployer Act" (HB 2094). The legislation,...more

Security Requirements and Compliance Obligations in DOJ's Final Rule on Data Transactions

Akin Gump Strauss Hauer & Feld LLP on 2/24/2025

The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more

The Proposed Rule to Amend FAR Guidance on Safeguarding CUI – Care to Comment?

Husch Blackwell LLP on 2/24/2025

The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more

Release of Engineers and Geoscientists of British Columbia Practice Advisory on Use of Artificial Intelligence in Professional...

MG+M The Law Firm on 2/21/2025

On November 22, 2024, Engineers and Geoscientists British Columbia (EGBC) released Use of Artificial Intelligence (AI) in Professional Practice, a practice advisory for EGBC registrants that provides guidelines on the use of...more

FAR Council Publishes Proposed Rule Imposing New Security Requirements on Contractors Handling CUI

Woods Rogers on 1/21/2025

On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more

They Did It. They Really Did It! The Arrival of the FAR CUI Proposed Rule

McCarter & English Blog: Government Contracts... on 1/17/2025

After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more

New Year, New State Data Privacy Laws

Levenfeld Pearlstein, LLC on 1/17/2025

With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more

President Biden Issues Second Cybersecurity Executive Order

Foley & Lardner LLP on 1/17/2025

In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more

Artificial Intelligence Governance – First, Build On What You Have

Guidepost Solutions LLC on 6/13/2024

As artificial intelligence (AI) continues to advance rapidly, organizations of all types are seeking to deploy this powerful tool to increase the effectiveness and efficiency of their operations, improve service to their...more

NIST Adopts New 2.0 Cybersecurity Framework

The Volkov Law Group on 5/2/2024

In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws. The National Institute of Standards and Technology (“NIST”)...more

2024 Update: Regulators Use “Carrots and Sticks” to Incentivize Healthcare Sector Cybersecurity Compliance

Epstein Becker & Green on 3/15/2024

Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more

HHS Publishes ‘Voluntary’ Healthcare Cybersecurity Performance Goals in Record Time but Leaves Questions Unanswered

BakerHostetler on 2/9/2024

As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more

[Webinar] What’s all the fuss about CMMC? - November 29th, 12:00 pm - 1:30 pm CT

Society of Corporate Compliance and Ethics... on 11/15/2023

Learning Objectives - What is CMMC and should I care? - Cybersecurity is crucial for compliance in any company - Is NIST 800-171 (The CMMC Framework) worth employing? - Thoughts and observations from the field...more

Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199

Baker Donelson on 10/24/2023

The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more

Privacy Briefs: October 2023

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more

Privacy & Cybersecurity Update - August 2023

Skadden, Arps, Slate, Meagher & Flom LLP on 9/6/2023

In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more

Get Ready for HIPAA Questions on Your Recognized Security Practices

Holland & Knight LLP on 8/31/2021

An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more

Privacy & Cybersecurity Update - August 2020

Skadden, Arps, Slate, Meagher & Flom LLP on 9/1/2020

In this month's edition of our Privacy & Cybersecurity Update, we examine the National Institute of Standards and Technology's four principles of the "explainability" of artificial intelligence and the U.K. Information...more

Recent Government Cyber Alert and Draft Guide for Financial Institutions: Lessons for All Organizations

Baker Donelson on 11/5/2015

All organizations, including financial institutions, continue to face significant security threats across their wide ranging IT systems. Such organizations are particularly vulnerable if they cannot track networked devices...more

Is Your HIPAA Compliance Program Ready for the FTC?

Womble Bond Dickinson on 10/12/2015

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

BakerHostetler on 9/16/2015

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more

Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance Setting Forth General Requirements for Member...

K&L Gates LLP on 9/10/2015

The National Futures Association (“NFA”) submitted to the Commodity Futures Trading Commission (“CFTC”) on August 28, 2015 a proposed Interpretive Notice (“Proposed Guidance”) for CFTC’s approval, which provides guidance to...more

Time for a HIPAA Security Check-Up!

Davis Wright Tremaine LLP on 9/9/2015

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

30 Results

View per page

Page: of 2

Compliance › National Institute of Standards and Technology › Data Protection

"My best business intelligence, in one easy email…"