We get Privacy for work — Episode 8: The Surge in Data Breach Lawsuits: Trends and Tactics
The Privacy Insider Podcast Episode 17: Security, Cyber-Intel, and a Sense of Humor with Nir Rothenberg of Rapyd
We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon Lipham of Maynard Nexsen
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Innovation in Compliance: The Critical Importance of Mobile Application Security: Insights from Subho Halder
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
Navigating the Maze: eDiscovery Essentials for Employers — Hiring to Firing Podcast
Top Healthcare Compliance Priorities for 2025
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
Episode 366 -- DOJ Issues Data Security Program Requirements
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more
Two delegated acts were published in the Official Journal of the European Union (OJ) in respect of the EU Digital Operational Resilience Act (DORA). These are: - Commission Delegated Regulation (EU) 2025/301, which comprises...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more
The European Supervisory Authorities (“ESAs”) published a roadmap to designate critical ICT third-party service providers (“CTPPs”) under the Digital Operational Resilience Act (“DORA”). To designate an ICT third-party...more
Firms involved in implementing changes to comply with new rules under the EU Digital Operational Resilience Act (DORA) have questioned whether financial services provided by other regulated firms may fall within the...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“DORA”), which establishes a uniform set of requirements relating to the security of network and information systems supporting financial...more
Beginning 17 January 2025, the Digital Operational Resilience Act (DORA) will apply to almost all EU financial entities, including banks, insurers and reinsurers, brokers , payment and electronic money institutions,...more
Key Points - - Political transitions in the West notwithstanding, we expect economic sanctions to remain a key response to geopolitical issues. - Current sanctions policy priorities are unlikely to shift markedly in...more
It’s DORA day! The EU financial services sector has been anticipating today since the Digital Operational Resilience Act was published in December 2022. DORA brings a significant shift to the sector in terms of how financial...more
DORA is now applicable, imposing requirements in respect of ICT risk management and digital operational resilience. Firms should be preparing their register of information ready for sharing with the CBI in April....more
Background - The Digital Operational Resilience Act (DORA), a European Union (EU) regulation that is set to transform how financial entities and their information technology (IT) service providers manage operational risks,...more
The Digital Operational Resilience Act (DORA) regulation is part of the European Union’s (EU) strategy to enhance the overall stability of the EU financial system by ensuring that financial entities are resilient to digital...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the...more
On February 14, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs released a draft motion for a resolution concerning the adequacy of protections afforded under the EU-US Data Privacy Framework....more
On 10 November 2022, the European Parliament approved two significant pieces of cybersecurity legislation: The Network and Information Security 2 Directive (“NIS2”); and The Digital Operational Resilience Act (“DORA”)....more
In last year’s publication we highlighted the top regulatory focus areas for our clients during 2020, concentrating on wholesale market structures and conduct risk. This publication outlines the primary focus areas in...more
Welcome to the 2020 edition of In Principle. With the United Kingdom (UK) leaving the European Union (EU) on31 January 2020, and moving into a transition period which will last until 31 December 2020, Brexit of courselooms...more
In the 2018 edition of this publication, we ended the introduction with the line, “We can only hope that we will enter 2019 with greater certainty than 2018 as to how the regulatory landscape will look.” Unfortunately,...more
Updates on the EU: German DPA Publishes First Privacy Shield Guidelines, Requires German-Law Contracts for Transfers. On June 7, 2016, the European Commission adopted the EU-U.S. Privacy Shield. One question that many...more
On 12 January 2016, the long-awaited revised Payment Services Directive (“PSD2”) came into force in Europe. This replaces the Payment Services Directive (“PSD”) that has been in place since 2007. The deadline for EU member...more