Information Security and ISO 27001
A Compliance Officer Turned Board Member's Advice
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
Unauthorized Access: An Inside Look at Incident Response
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Cyberside Chats - Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Modernize your Information Governance: Building a Framework for Success
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Canna We Talk Cannabis? Cybersecurity Risks Bring Growing Pains to Cannabis Businesses
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Phishing and Vishing and Smishing (Oh my!): New Types of Scams Require Increased Vigilance
As AI adoption accelerates in healthcare, compliance, privacy, and risk teams are under pressure to adapt. Join experts from NAVEX and Granite GRC to learn how a proactive AI governance strategy can help you stay compliant,...more
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
Section 847 is widely regarded as a seismic shift that will result in a jump from 2,000 to 41,000 cases being processed annually! In anticipation of this, DCSA has been scaling up their resources and personnel. ACI’s 8th...more
Information leaks can range from exposures of internal decisions and salary data to the disclosure of intellectual property, strategy documents, or board minutes. Whether accidental or intentional, these leaks demand...more
While technology plays a pivotal role in cybersecurity, the human element is equally crucial. An organization's culture can significantly influence the effectiveness of its cybersecurity measures. A strong cybersecurity...more
May 1 is World Password Day, a day for organizations to remind their employees of the importance of using strong passwords and practicing good password hygiene to protect personal and work accounts. It’s a time for...more
On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act...more
On April 23, 2025, Quebec’s Regulation respecting the management and reporting of information security incidents by certain financial institutions and by credit assessment agents (Regulation) will come into force. Issued by...more
Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a...more
On April 8, the OCC announced it had notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. The incident involved unauthorized access to emails and their...more
This winter, Latham’s Investment Funds Practice provided guidance on the Securities and Exchange Commission’s (SEC) 2025 examination priorities for private fund advisers in the latest installment of the Private Funds...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
The PRC National Technical Committee 260 on Cybersecurity of SAC (“TC260”) published new Guidelines on Identifying Sensitive Personal Information (“Guidelines”) on 18 September 2024, nearly three months after it released the...more
On October 31, OIG for the Fed and the CFPB released its 2024 Audit of the Board’s Information Security Program. The audit found that the Board’s information security program continues to operate at a level-4 (managed and...more
On October 21, 2024, the US Securities and Exchange Commission ("SEC") Division of Examinations ("Examination Division") announced its 2025 Examination Priorities ("Report"). Investment advisers and broker-dealers should...more
On October 21, 2024, the Division of Examinations (“EXAMS” or the “Division”) of the U.S. Securities and Exchange Commission (“SEC”) released its examination priorities (the “2025 Priorities”) for fiscal year 2025 (which...more
Country Status Legislation* Commentary Austria Available here Austria has submitted the “Network and Information Security Act” for Parliament’s consideration. It is anticipated that the “Network and Information Security Act”...more
Cybersecurity Awareness Month was established more than 20 years ago to provide resources to enable organizations and their employees to stay safer and more secure online...more
Artificial intelligence (AI) has the power to revolutionize health care. In oncology, there are now opportunities to apply AI to support diagnostics, predictive analytics, and administrative functions. This hot topic was...more
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized...more
Learning Objectives: - Explain the evolution of state data protection laws over the past year - Explore the focus on protecting health consumers - Describe practical approaches on how to build a privacy program when...more
ISO 27001 is the leading standard for information security management systems. As Mel Blackmore, CEO of UK-based Blackmores explains, it is a framework that applies and is of value regardless of an organization’s size, sector...more
Our latest six eDiscovery case law rulings MAY be our best ever! See what I did there? Our May 2024 monthly webinar of cases covered by the eDiscovery Today blog discusses disputes related to prolonged lack of cooperation in...more
Keypoint: Colorado employers and controllers that collect and process biometric data and identifiers will need to comply with disclosure, consent, and retention requirements beginning on July 1, 2025. In late April, the...more