Wait, that’s covered? Insurability of Fines and Penalties Flowing From a Cybersecurity Breach
FCPA Compliance and Ethics Report-Episode 31-the FCPA Year in Review, Corporate Enforcement Actions
FCPA Compliance and Ethics Report-Episode 30-Interview with the FCPA Professor-Part 2
Condo complaints not in writing?
Health Data on Leased Photocopier Costs Company $1.2m—What Others Can Learn
On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK...more
NIS2 (Network and Information Systems Directive 2) is the updated version of the NIS Directive, which the EU first introduced in 2016. The original NIS Directive aimed to enhance cybersecurity across member states by...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
Editor’s Note: This webcast brings together some of HaystackID’s top experts to dissect the intricacies of Business Email Compromise (BEC) attacks—a rapidly growing threat impacting organizations globally. During the...more
ComplexDiscovery’s Editor’s Note: This recent €310 million fine imposed on LinkedIn by Ireland’s Data Protection Commission (DPC) marks a powerful moment in GDPR enforcement, underlining the regulatory rigor facing global...more
Paying the $1.3 million fine is the easy part. Complying with the CAP is a different undertaking. On Sept. 11, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an...more
Indiana's New Law is on the Books - Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
Despite the great strides companies have made to mitigate the risks associated with security breaches, including putting insurance in place to cover those risks, cyber criminals have remained two steps ahead, finding new and...more
Last Friday, China passed the world’s harshest data privacy law, threatening violators with fines of up to 50 million Yuan (or about $7.7 million at the time of publication) or 5% of annual revenue. The Personal Information...more
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
The Spanish Data Protection Agency (“Spanish DPA”) decided to start 2021 the same way it ended 2020: by imposing the highest fines to date (EUR 5,000,000 and 6,000,000) to two large Spanish financial entities. ...more
The Editors' Note - Welcome to the third issue of Decoded, Spilman's e-newsletter focusing on technology law, including data security, privacy standards, financing technologies, and digital-based means of conducting...more
• On October 17, Senator Ron Wyden (D-OR) introduced legislation to establish baseline privacy and cybersecurity protections and issue fines to companies and criminal penalties to senior executives. • The New Democrat...more
Big Picture Takeaways: Facebook faces many detailed requirements for internal and external governance and oversight with extensive reporting requirements...more
In this episode of OnRisk, Lucas Tanglen and Jeff Meagher discuss the cyber insurance implications of the European Union’s new privacy regulation—the General Data Protection Regulation or GDPR. The GDPR, which took effect on...more
The Securities and Exchange Commission recently settled with Voya Financial Advisors, Inc. for alleged violation of Regulation S-ID (otherwise known as the Identity Theft Red Flags Rule) and Regulation S-P (otherwise known as...more