We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Congress is asking the financial industry – and anyone else with a stake in consumer data – to weigh in on the future of the Gramm-Leach-Bliley Act (GLBA). On July 31, the US House Financial Services Committee leaders issued...more
On May 16, the Securities and Exchange Commission (“SEC”) announced the adoption of amendments to Regulation S-P, aimed at modernizing and enhancing the rules governing the treatment of consumers’ nonpublic personal...more
On May 15, 2024, the Securities and Exchange Commission (the “SEC”) issued final amendments (the “Amendments”) to Regulation S-P (originally adopted in 2000), which governs the treatment of a customer’s nonpublic personal...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
Continuing a trend it has been pursuing, the CFPB on Thursday used a non-rulemaking circular (Consumer Financial Protection Circular 2022-04) to state that its UDAAP authority extends its enforcement authority to situations...more
The regular “Weekly Update” email from the Financial Industry Regulatory Authority (“FINRA”) had an eye-catching warning February 16, urging broker-dealer member firms to heed the “Shields Up” cyber threat warning from the...more
On October 27, 2021, the Federal Trade Commission (FTC) released a final rule that updates the Safeguards Rule of the Gramm-Leach-Bliley Act (Final Rule). This Final Rule comes after the FTC sought comment on proposed changes...more
OSFI, the Canadian Federal Office of the Superintendent of Financial Institutions, on August 13, 2021, issued new guidance on Technology and Cyber Security Incident Reporting, replacing prior guidance of March 2019....more
The Gramm-Leach-Bliley Act (GLBA) is a federal law that establishes various legal requirements for companies that qualify as “financial institutions” under the Act. The GLBA’s definition of a “financial institution” is...more
The Spanish Data Protection Agency (“Spanish DPA”) decided to start 2021 the same way it ended 2020: by imposing the highest fines to date (EUR 5,000,000 and 6,000,000) to two large Spanish financial entities. ...more
Happy Data Privacy Day! Since 2007, privacy professionals from across the globe have gathered together on January 28 to raise awareness about data privacy and security best practices and issues. ...more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
On July 21, 2020, the New York Department of Financial Services (DFS) filed a “Statement of Charges and Notice of Hearing” (the “Charges”) against First American Title Insurance Company (the “Company”) alleging violations of...more
Today we are very pleased to welcome guest blogger Moyara Ruehsen, PhD, CAMS, CFCS, who is an Associate Professor and Director of the Financial Crime Management Program at the Middlebury Institute of International Studies in...more
This week, I received a breach notification letter from a large financial institution stating that my personal information, including my name, Social Security number, account name and number, contact information, date of...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more
In view of Iran’s vows to retaliate against the United States for the death of Quassem Soleimani, the NYDFS has issued an industry letter to all regulated entities regarding the need for heightened cybersecurity precautions....more
In this miniseries, John ReVeal will discuss key issues and top of mind concerns for businesses under the California Consumer Privacy Act, which will go into effect January 1, 2020. In the second episode, John ReVeal...more
While we’ve all discussed the California Consumer Privacy Act (CCPA) at length, Nevada was busy amending its internet privacy law and in the process beat California’s deadline for the effective date by three months. Nevada’s...more
California enacted the nation’s most extensive consumer privacy law after only a week of legislative debate. The California Consumer Privacy Act of 2018 (“CCPA”) creates detailed notice, opt-out/opt-in, access, and erasure...more
The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to...more
For the last 18 years, most financial services businesses could sum up their privacy practices with just four letters: G-L-B-A, also known as Title V of the Gramm-Leach-Bliley Act, Public Law 106-102, and its implementing...more
Cybersecurity company Carbon Black recently issued a report of the results of a survey of chief information security officers (CISOs) of financial organizations, which showed that the financial industry is getting hammered by...more