eDiscovery and Compliance Programs
ERGs: Valuable or Vulnerable?
Managing Whistlelbowers
Data Driven Compliance: The Failure to Prevent Fraud Offense: Insights for US General Counsels with Mike DeBernardis
Compliance Tip of the Day: Using AI to Embed Your Compliance Program
Compliance Tip of the Day: Trust and Verify
Great Woman in Compliance: Building Strategic and Effective Risk Assessments
Compliance into the Weeds: The Dark Side of AI in Employee Training
Compliance Tip of the Day: AI Assistant for Compliance
Innovation in Compliance: Gaurav Kapoor on Risk Management and the Role of AI in GRC
How to Balance Diverse Views in the Office
Compliance Tip of the Day: Costs and Benefits of AI
Adventure in Compliance: The Novels - The Valley of Fear, Whistleblowers and Corporate Compliance
Sunday Book Review: August 17, 2025, The More Books from the Ethicsverse Library Edition
Compliance Tip of the Day: How a CFO Views Compliance and Risk
Data Driven Compliance – James Tillen on the Importance of Cross-Functional Collaboration in Complying with the FTPF Offense
We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Great Women in Compliance: The Mind at Work with Lynette Buebird
Compliance Tip of the Day: Finance Models for Compliance
Compliance Tip of the Day - Extending Compliance Value Across Your Organization
One key lesson from the ongoing ransomware epidemic is clear: threat actors don’t discriminate. It doesn’t matter who you are or what your business does — if they see an opening, they’ll exploit it, ready or not. Despite...more
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
Change Healthcare, an affiliate of Optum and UnitedHealth Group, processes more than 15 billion health care transactions annually and touches one of every three patient records. On February 21, Change disconnected its...more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Editor’s Note: In a rapidly evolving technological landscape, understanding the capabilities and limitations of platforms like Microsoft 365 (M365) is crucial for law firms, especially in the realms of eDiscovery and...more
To help protect against criminal ransomware and cyberattacks, modern manufacturing plants should ensure they have reasonable physical, administrative, and technical safeguards in place....more
Crises and uncertainty are inevitable forces in modern business, particularly in cyber and digital. General counsels and legal risk executives are well suited to lead preparedness and resiliency for future crises, uniting key...more
Universities Share Lessons Learned from Ransomware Attacks "According to a recent Sophos poll of IT professionals, 44 percent of educational institutions suffered ransomware attacks in 2020, and 58 percent of those hit...more
Like many other industries, manufacturing has been hit hard with labor shortages. As of April 2022, U.S. factory activity reportedly is at its slowest pace in more than 18 months. Consequently, many factories seek more...more
2021 continued the trend of increased regulatory focus on privacy and cybersecurity for private investment funds in the U.S. and abroad. There are no signs of the trend leveling off any time soon. One of the topics that...more
A Ward and Smith attorney, Information Technology professional and Privacy Officer outlined a variety of best practices and tips for businesses dealing with data security and privacy issues. The webinar, one in a series...more
The federal banking agencies recently issued a final regulation that will require a bank to notify its primary federal regulator of a cyberattack, or computer-security incident, no later than 36 hours after the bank...more
The Canadian Institute’s 11th Annual Forum on U.S. Export & Re-Export Compliance for Canadian Operations will take place in Toronto on January 25–27! IN-PERSON and LIVESTREAM options available. Over the last decade, this...more
Report on Patient Privacy 21, no. 11 (November, 2021) - Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...more
A ransomware attack is no company’s idea of a good time, but I do sense one positive development emerging from the epidemic of attacks we’ve witnessed this year: Boards and senior management agree that they must move beyond a...more
It is hard to find a news post without a story on a ransomware attack. The National Security Council has issued an open letter warning all businesses to be alert and prepared for ransomware attacks. Various industry groups...more
With 46% of UK business reporting a cyber attack during 2019/2020 and 32% reporting at least one a week – see the UK Government’s Cyber Security Breaches Survey 2020 – the UK’s Financial Conduct Authority (“FCA”) has issued a...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
At the end of January, the U.S. Securities and Exchange’s Office of Compliance Inspections and Examinations (OCIE) released its “Observations on Cybersecurity and Resiliency Practices” (Observations)....more
A recent report from The Seattle Times provides details on a series of social engineering and ransomware attacks successfully perpetrated on a Seattle suburb during the second half of 2017. The incidents of cyber scams...more
On August 7, 2017, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released a summary of its observations (the report) from cybersecurity examinations of 75...more