Moving Beyond the Usual Helpline Data
Episode 381 -- NAVEX's 2025 Annual Hotline Report
CSC Guidance Unveiled: NIL Enforcement and Implications for Collectives — Highway to NIL Podcast
Daily Compliance News: July 22, 2025, The I-9 Hell Edition
New Virginia "Workplace Violence" Definition and Healthcare Reporting Law: What's the Tea in L&E?
What the One Big Beautiful Bill Act Means for Employers - #WorkforceWednesday® - Employment Law This Week®
Understanding the New Overtime Tax Policies in the Big Beautiful Bill
When DEI Meets the FCA: What Employers Need to Know About the DOJ’s Civil Rights Fraud Initiative
(Podcast) California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
Podcast - Navigating the Updated SF-328 Form
Five Tips for a New Public Company Director
Compliance Tip of the Day: Internal Control Deficiencies
Daily Compliance News: July 7, 2025 the Disaster on the River Edition
First 100 Days of the New HSR Rules with Antitrust Partner Kara Kuritz
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: What is a Gap Analysis
Compliance into the Weeds: Autonomous AI Whistleblowing Misconduct
REFRESH Nonprofit Basics: Federal Tax Filing Deadlines and Penalties
(Podcast) California Employment News: Back to the Basics of Employee Pay Days
The New York State Department of Financial Services (NYDFS) announced on August 14, 2025, resolution of civil enforcement action requiring Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2...more
In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer Privacy Act (CCPA) that specifically address the use of automated decisionmaking...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Australia has implemented a first-of-its kind requirement for eligible businesses to report ransomware payments. From 30 May 2025, eligible businesses that make a payment in response to a cyber security incident, or become...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
Last week, Erik Gerding, Director of the SEC’s Division of Corporation Finance (the Division), issued a statement providing clarification regarding the disclosure of cybersecurity incidents by reporting companies. This...more
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
On March 13, 2024, Utah enacted the Utah Artificial Intelligence Policy Act (UAIP), which imposes certain disclosure requirements on entities using generative AI tools with their customers, and limits an entity’s ability to...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
When I reflect on the relationship that our firm has with our clients, I’m most proud of the fact that you can always count on us. That often means defending complex litigation, steering you through regulatory threats,...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to approve final rules governing cybersecurity disclosures of public companies (“Final Rules”). The Final Rules make meaningful changes to the current and...more
Delaware courts have historically been reluctant to allow Caremark (or “board oversight”) claims to gain traction, describing such a claim as “possibly the most difficult theory in corporation law upon which a plaintiff might...more
Depuis le 22 septembre 2022, les entités du secteur privé exerçant des activités au Québec doivent aviser, avec diligence, la Commission d’accès à l’information (la « CAI ») de toute atteinte à la vie privée (soit un «...more
As of September 22, 2022, private-sector entities carrying on business in Quebec are required to notify Quebec’s Commission d’acces a l’information (CAI) and affected individuals of a privacy breach (referred to as a...more
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...more
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective...more
The month of March has seen significant developments in the cybersecurity and data protection space. Here are four key legal developments that could be critical to your business. . . ...more
On March 9, 2022, the SEC proposed new requirements for reporting of material cybersecurity incidents in 8-Ks and periodic reports as well as disclosure of board and management roles with respect to cybersecurity and of...more
On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of...more
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June...more
If your business is subject to the California Consumer Privacy Act (CCPA), and your business handles (in any manner set forth in the CCPA) the personal information of 10,000,000 or more California residents in a calendar...more
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
The first ever VIRTUAL Managed Care Compliance Conference will have the great speakers and content you have come to expect from the in-person event. Each year, we look forward to hosting compliance professionals at our...more
The recent decision in Illinois federal court in Hartford Fire Insurance Company v. iNetworks Services, LLC, 2020 U.S. Dist. LEXIS 53473 (N.D. Ill. Mar. 27, 2020), serves as an important reminder on the role of timely notice...more