Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
A single outage can spiral into hours of downtime, frustrated customers, and significant revenue loss across your business....more
The Bank of England and the Prudential Regulation Authority (PRA) have released a letter to PRA-regulated firms and relevant financial market infrastructure (FMIs) outlining the thematic findings from the 2024 Cyber Stress...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
During the Biden administration, there was a push to prioritize and modernize cybersecurity responses, and the National Institute of Standards and Technology (NIST) agreed to work with the technology industry to develop a new...more
On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...more
Asking the right questions within your organization is key to effectively managing cyber risk. Here are 10 questions that you should ask your team...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
On October 16, the New York Department of Financial Services (DFS) issued a circular letter addressing cybersecurity risks related to the increasing use of artificial intelligence (AI) in relation to insurers, insurance...more
In a recent federal case from New York, the court dealt a blow to plaintiffs suing over data breaches. The plaintiffs had filed a putative class action suit, alleging that they (and others like them) had been harmed by the...more
In this post in our series on basic cybersecurity concepts for lawyers, we address open-source software (OSS) supply chain risk. OSS is software developed using an “open-source” protocol, meaning that its code is fully...more
Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more
MIT Report Details New Cybersecurity Risks - “Cloud misconfigurations, more sophisticated ransomware, and vendor exploitation attacks are contributing to rising cyberattacks.” Why this is important: Worldwide spending...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
Change Healthcare, an affiliate of Optum and UnitedHealth Group, processes more than 15 billion health care transactions annually and touches one of every three patient records. On February 21, Change disconnected its...more
The growing concern around cyberthreats for companies across the nation is reflected in the increasingly crowded legislative landscape that provides guidance to organizations, employers, employees, consumers, and investors....more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Editor’s Note: In a rapidly evolving technological landscape, understanding the capabilities and limitations of platforms like Microsoft 365 (M365) is crucial for law firms, especially in the realms of eDiscovery and...more
The Department of Homeland Security amended its regulations due to the urgent need to protect Controlled Unclassified Information. On June 21, 2023, the Department of Homeland Security (DHS or Department) issued a final...more
As cyber-attacks and data breaches pose an increasing threat to market participants, the US Securities and Exchange Commission (“SEC”) has become increasingly focused on the cyber risks to the public and the market at large....more
Online sports betting has become a booming industry in recent years, with millions of people placing bets and wagers from their phones and computers. Ever since Murphy v. NCAA, the 2018 case in which the United States Supreme...more
The Privacy Commissioner for Personal Data reminds organisations to review and implement appropriate data security measures amidst more data breaches. On 13 February 2023, the Privacy Commissioner for Personal Data of...more
The life cycle of a data security incident begins and ends with preparation. Unfortunately, there is no such thing as a network or system with “zero vulnerabilities.” There are jokes about absolute network security,...more
To help protect against criminal ransomware and cyberattacks, modern manufacturing plants should ensure they have reasonable physical, administrative, and technical safeguards in place....more
What exactly is cybersecurity whistleblowing? That is a question that all organizations should be asking, but the answer is not a simple one. According to the Merriam-Webster dictionary, a whistleblower is defined as an...more