We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK...more
On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
In December 2019, the UK Information Commissioner’s Office (ICO) imposed a fine of £275,000 on Doorstep Dispensaree Limited (DDL) for multiple contraventions of the GDPR. On December 9 2024, five years on and three judgments...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more
Editor’s Note: This webcast brings together some of HaystackID’s top experts to dissect the intricacies of Business Email Compromise (BEC) attacks—a rapidly growing threat impacting organizations globally. During the...more
New York AG Letitia James settled with US Radiology Specialists, Inc. to resolve allegations that the private radiology group violated New York’s Executive Law and General Business Law by failing to adequately protect...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
On May 12, 2022, the European Data Protection Board (EDPB) published its long-awaited Guidelines 04/2022 on the calculation of fines under the General Data Protection Regulation (GDPR). After many data protection authorities...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
Despite the great strides companies have made to mitigate the risks associated with security breaches, including putting insurance in place to cover those risks, cyber criminals have remained two steps ahead, finding new and...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
New York’s Department of Financial Services (“DFS”) announced on Wednesday, March 3, 2021, that an independent mortgage lender, Residential Mortgage Services Inc. (“RMS”), has agreed to pay a $1.5 million fine to the agency...more
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
The Editors' Note - Welcome to the third issue of Decoded, Spilman's e-newsletter focusing on technology law, including data security, privacy standards, financing technologies, and digital-based means of conducting...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
With it being Halloween, October being National Cybersecurity Awareness Month, and 2019 drawing to an end, let’s take a look at the data privacy breaches giving compliance professionals a fright this year! ...more
Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000....more
Any doubt that the world of data protection changed profoundly when the European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, were solidly dispelled when the United Kingdom’s Information...more