Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
La Commissaire à l’information et à la protection de la vie privée de l’Ontario (la « CIPVP ») a publié un nouveau guide de gestion de la protection de la vie privée (le « Guide ») ayant pour but d’aider les petits organismes...more
SB 1120 (the “Bill”), which takes effect on January 1, 2025, amends existing California law to adopt guardrails around the use of artificial intelligence tools for the purpose of utilization management. As discussed in a...more
Organizations whose mantra is “We just never delete anything” (i.e., organizations simply retaining all information indefinitely) are now facing headwinds, especially when the information contains personal information. As our...more
There have been two important developments in the law applicable to the privacy and cybersecurity of group health plan participants’ health information. Plan sponsors must review plan policies and procedures, provider...more
Recent surveys indicate the widespread use of generative AI (artificial intelligence) and other artificial intelligence tools by employees in the workplace. This is hardly surprising, given the astonishing level of...more
Privacy issues are inherent in almost all facets of a business — from operations, employment, and technology to customer service, contracts, legal and compliance — all with varying degrees of risk. Most companies mitigate...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
On May 16, 2024, the U.S. Securities and Exchange Commission (“SEC”) adopted amendments to Regulation S-P (“Reg S-P”) that are intended to help protect investors’ privacy from the “expanded use of technology and corresponding...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
This article originally appeared on Thomson Reuters Westlaw Today on February 12, 2024. View the original article here. Robert Daniel and Mark Grant of Integreon, Inc. explore areas legal operations professionals should...more
U.S. Secretary of Transportation Pete Buttigieg recently announced the Department of Transportation (DOT) would undertake a privacy review of the nation’s ten largest airlines. Specifically, they will look at their policies...more
This article originally appeared in The Legal Technologist November/December 2023 Issue here. As individuals, we have the legal right to access personal data held by an organisation, and an increasing number of requests are...more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more
On July 14, 2023, the California attorney general (AG) announced a surprising “investigative sweep” into employer compliance with the California Consumer Privacy Act of 2018 (CCPA) and its implementing regulations, sending a...more
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their services providers, and corporate America generally. On March 15, 2023, the SEC...more
As cyber-attacks and data breaches pose an increasing threat to market participants, the US Securities and Exchange Commission (“SEC”) has become increasingly focused on the cyber risks to the public and the market at large....more
This Memorandum is intended to remind you of certain U.S. annual requirements that may be applicable to your business and is divided into five sections. All investment advisers (whether or not registered with the Securities...more
Providers oftentimes ask how long they need to retain certain types of medical information. While there are some general rules regarding the timeframes for retaining medical information, the specific answer varies depending...more
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
California employers' reprieve from obligations to employees to disclose data privacy practices and provide access rights to employees appears to be coming to an end as the California Privacy Rights Act (CPRA) becomes...more
On September 20th, 2022, the Securities and Exchange Commission (“Commission”) entered a settled order (“Order”) against the wealth management arm of a global financial services firm (“Firm”) for its failure to protect...more
Though it was not long ago that resolutions of California Consumer Privacy Act (CCPA) readiness ushered in the new year, ‘tis the season once again to deck the halls with privacy compliance checklists. Retailers doing...more
Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA) will be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store,...more
Bill 64 largely tracks with already existing privacy regulations in other jurisdictions and will take effect over the course of the next three years, with some provisions taking effect in September 2022. On September 21...more
Case Overview - This week’s U.S. Securities and Exchange Commission enforcement cease-and-desist order (Order) In re App Annie Inc., out of the SEC’s San Francisco Regional Office, underscores the importance of taking...more