Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
I didn’t plan on working in cybersecurity. My path wasn’t exactly traditional, but every job I had taught me how systems break—technical or operational, it didn’t matter. ...more
Information leaks pose a growing and multifaceted risk to organizations across sectors. While often associated with cybersecurity breaches, the majority of such incidents stem from human error or intentional misconduct. On 25...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Think of it as the compliance version of The Butterfly Effect – a small, unnoticed, action, or failure to act, somewhere in the organization that balloons over time into a much larger, material issue. Maybe an employee is...more
Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more
Ransomware attacks that shut business down to zero and data breaches that disclose the personal information of customers, vendors and employees justifiably strike fear in the hearts of executives everywhere. Organizations can...more
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
Hackers commit financial fraud by creating a fake email address mimicking the vendor’s name and emailing accounts payable saying that the vendor’s account information has been changed. Funds are then sent directly to the...more
Cybersecurity attacks, such as malware, phishing emails, and password attacks, are a growing threat to patients and medical practices. Cyber attacks can significantly disrupt patient care, including by exposing confidential...more
The Nigerian prince seems almost quaint. Gone are the days when the Nigerian prince was the only nefarious figure menacing our inboxes. A simple yet elegant scheme – our supposed prince unexpectedly fell upon a large sum...more
Like many other industries, manufacturing has been hit hard with labor shortages. As of April 2022, U.S. factory activity reportedly is at its slowest pace in more than 18 months. Consequently, many factories seek more...more
In many ways, the COVID-19 pandemic has served as a prime example of punctuated equilibrium. Shifts that have been slowly building for decades seemingly occurred overnight, giving us the contradictory sense that these changes...more
Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for...more
The global food and beverage e-commerce market is expected to grow to $22.4 billion in 2020, possibly reaching $36.4 billion in 2023. That’s up from $14.9 billion in 2019. Food and beverage e-commerce revenue in the United...more
The coronavirus crisis is far from over, and compliance professionals still need every scrap of guidance that regulators can provide about how to run compliance programs in these difficult times. So when the Securities and...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
On January 27, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its most recent Cybersecurity and Resiliency Observations. This report highlights specific practices that have been, and can be...more
Our Regional Compliance Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational opportunities for...more
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
• The NFA has determined that registered CPOs must implement an internal controls system and highlighted best practices for such a framework. • In response to certain frequently asked questions, the NFA has also updated its...more
When it comes to digital threats, universities must protect not only a broad and deeply layered infrastructure, but also vast populations of students. In this episode, Elisa D’Amico and Desiree Moore outline their top five...more
• On December 14, the SEC’s OCIE issued a Risk Alert summarizing the findings of its limited-scope examination initiative relating to electronic messaging. • Noting a “pervasive use” of electronic messaging by adviser...more
On October 16, 2018, the SEC issued a 21(a) report announcing that it had investigated whether certain public companies that were victims of oftentimes unsophisticated, cyber-related frauds had violated federal securities...more