News & Analysis as of

Compliance Sensitive Personal Information Risk Management

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to individual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs.
Wiley Rein LLP

FTC Consumer Protection and Privacy Enforcement Series: PADFA Enforcement—What Companies Need to Know

As part of our series to provide practical insights into emerging Federal Trade Commission (FTC) priority areas for consumer protection and data privacy enforcement, we are taking a deep dive into the Protecting Americans’...

Ropes & Gray LLP

DOJ Issues Final Rule Restricting Flow of Bulk Sensitive Personal Data to China and Other Countries of Concern

On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States...

King & Spalding

DOJ Issues Final Rule Restricting Foreign Access to U.S. Data

The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...

Skadden, Arps, Slate, Meagher & Flom LLP

Fortifying US Data: Proposed Rule Would Establish a New Regime To Restrict or Prohibit Certain Data Transactions With Countries of...

On October 29, 2024, the U.S. Department of Justice (DOJ) published a proposed rule (Proposed Rule) that would restrict or prohibit certain transactions with China, Russia and other countries of concern involving U.S....

Harris Beach Murtha PLLC

Key Considerations for Selling AI Software to the Government

The federal government is the biggest purchaser in America and that extends to the SaaS space. On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, offering updated guidelines for the...

Mitratech Holdings, Inc

Achieving SOC 2 Compliance

A Comprehensive Guide to Ensuring Data Security and Trust. 76% of users believe organizations must do more to protect their data. In an effort to lower this number and increase safety measures when it comes to customer...

Fenwick & West LLP

Cyber Resilience After the Change Healthcare Breach

More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...

Society of Corporate Compliance and Ethics...

Creating an AI governance function: Part 2

This is Part 2 of a two-part series. Part 1 addressed the risks and restrictions organizations face in deploying artificial intelligence (AI) and the key elements of an AI strategy. This part details how to develop an AI...

BCLP

Pressure-Testing Your Privacy Program for 2024

With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...

Patterson Belknap Webb & Tyler LLP

New York’s Department of Financial Services Amplifies its Cybersecurity Regulations

On November 1, 2023, the New York State Department of Financial Services (“DFS”) amended its cybersecurity regulations to institute additional standards and controls aimed at securing sensitive data among the financial...

Butler Snow LLP

Health Care Due Diligence: An Ounce of Prevention is Worth a Pound of Cure

Due diligence properly performed in connection with the purchase and sale of a health care entity is simply different—vastly so—than due diligence performed in other contexts. Failure to recognize this reality can lead to...

Holland & Knight LLP

NYDFS Proposes Amendments to Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...

Ankura

Data Deletion under CPRA and GDPR, And How to Operationalize a Deletion Program

Authors: David Manek, Joe Shepley and Mark Melnychenko. The California Privacy Rights Act (CPRA), which goes live January 1, 2023, introduces data retention and deletion requirements very similar to those that we see in the...

BCLP

FINRA Reminds Broker-Dealers of their Obligations to Safeguard Customer Information and to Build Controls Designed to Protect...

Key Takeaways: According to FINRA, the number of reported instances involving broker-dealer fraudulent account takeovers (ATO) and related theft is on the rise. As set forth in recently released FINRA Regulatory...

14 Results