News & Analysis as of

Compliance Risk Management Personally Identifiable Information

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to individual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs.
Ward and Smith, P.A.

Privacy and Data Security in Community Associations: Navigating Risks and Compliance

For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more

Tarter Krinsky & Drogin LLP

Businesses Have 30 Days to Report a Security Breach of New Yorker’s Private Information

New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more

Levenfeld Pearlstein, LLC

New Year, New State Data Privacy Laws

With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more

Jackson Lewis P.C.

FAQs for Schools and Persons Affected By the PowerSchool Data Breach

A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more

Constangy, Brooks, Smith & Prophete, LLP

Who needs a WISP, and why?

A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more

Mintz - Antitrust Viewpoints

CFTC Report Calls on Agency to Engage in Rulemaking on AI — AI: The Washington Report

A working group within the Commodity Futures Trading Commission (CFTC) released a report on May 2, 2024, concerning the risks posed by AI adoption in the derivatives market. The report warns that the adoption of AI tools...more

BCLP

Pressure-Testing Your Privacy Program for 2024

With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more

Thomas Fox - Compliance Evangelist

The Importance of Effective Policies and Training in Data Protection: Lessons from a Scottish Hospital Breach

I recently had the chance to visit with Jonathan Armstrong on a recent data breach case that occurred in the health service provider NHS Lanarkshire (Scotland) during the COVID-19 pandemic. This breach serves as a stark...more

Rothwell, Figg, Ernst & Manbeck, P.C.

Regulating AI: Litigation Questions And State Efforts To Watch

This second part of a two-part series on U.S. regulation of artificial intelligence systems highlights state legislation and litigation to watch concerning AI systems, and provides practical takeaways as we look toward the...more

NAVEX

4 Things to Know About Updated NIST 800-53 Standards

[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more

Rothwell, Figg, Ernst & Manbeck, P.C.

Speed Dating in the UK? Negotiating New Data Protection Relationships with the EU

With all that has happened this year, most of us can’t wait until 2020 is in the rear view mirror.  The end of 2020, however, marks the end of the transition period provided, post-Brexit, to allow time for UK businesses and...more

Society of Corporate Compliance and Ethics...

Capital One fined for inadequate data controls

Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - The Office of the Comptroller of the Currency fined Capital One USD 80 million for inadequate data controls leading to a 2019 data breach and for failing to fix...more

King & Spalding

Energy Newsletter - April 2020

Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more

Mintz - Privacy & Cybersecurity Viewpoints

New York Dept of Financial Services (NYDFS) Extends Cybersecurity Compliance Deadline

The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more

Kilpatrick

[Webinar] Biometric Privacy Law in the US: Compliance Strategies and Litigation Trends - January 21st, 1:00 pm ET

Biometric technology – technology that identifies individuals based on measurements of their biological characteristics, such as facial geometry, voiceprints, or fingerprints – has become a ubiquitous part of the consumer...more

The Volkov Law Group

Lessons Learned from the Capital One Data Breach (Part I of III)

Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of  all significant data breaches or cyber-incidents occur because of internal actors. ...more

Sunstein LLP

Twenty Years Under the Microscope: A Small Business, a Data Breach and the FTC

James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...more

The Volkov Law Group

Key Actions to Ensure Compliance with the California Consumer Privacy Act (Part II of II)

The California Consumer Privacy Act (CCPA) presents numerous compliance challenges for businesses.  Given the heightened focus on consumer privacy and ever-increasing enforcement risks, companies have to move quickly to...more

The Volkov Law Group

California Sunshine — The California Consumer Privacy Act (Part I of II)

When the federal government fails to assume responsibility for establishing law and policy in important federal areas of jurisdiction, the individual states then spring into action to fill the vacuum. ...more

Farella Braun + Martel LLP

Cannabis Companies and the California Consumer Privacy Act

The new California Consumer Privacy Act of 2018 (CCPA) will come into effect January 1, 2020.  By turning attention to the issue now, cannabis companies can ensure compliance with the new law without significant business...more

White & Case LLP

Chapter 4: Territorial application – Unlocking the EU General Data Protection Regulation

Why does this topic matter to organisations? The GDPR does not necessarily apply to every organisation in the world. It applies to all organisations that are established in the EU. However, for organisations established...more

Mitratech Holdings, Inc

GDPR Compliance - How Tedium Hurts Legal Innovation

The notion of GDPR compliance just took a whimsical new turn. The new rules already dictate compliance about personal data collection, use, and sharing. Now, they may help insomniacs comply with the need to catch up on their...more

Hogan Lovells

Getting to data nirvana: A legal and compliance guide to data value creation Chapter 3 – Regulatory silo-busting to optimize risk...

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. ...more

Thomas Fox - Compliance Evangelist

GDPR is Live

Whether you are ready or not, the European Union (EU) General Data Protection Regulation (GDPR) goes live today, May 25, 2018. It will impact companies doing business in the United Kingdom (UK) and the EU as much as any other...more

Epiq

How will the GDPR impact international investigations?

GDPR: A Snapshot - The GDPR updates the EU’s 1995 framework data privacy law—which is outdated due to the technological advances that have occurred since the mid-1990s. The European Commission proposed the GDPR in 2012,...more
