Daily Compliance News: July 22, 2025, The I-9 Hell Edition
New Virginia "Workplace Violence" Definition and Healthcare Reporting Law: What's the Tea in L&E?
What the One Big Beautiful Bill Act Means for Employers - #WorkforceWednesday® - Employment Law This Week®
Understanding the New Overtime Tax Policies in the Big Beautiful Bill
When DEI Meets the FCA: What Employers Need to Know About the DOJ’s Civil Rights Fraud Initiative
(Podcast) California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
Podcast - Navigating the Updated SF-328 Form
Five Tips for a New Public Company Director
Compliance Tip of the Day: Internal Control Deficiencies
Daily Compliance News: July 7, 2025 the Disaster on the River Edition
First 100 Days of the New HSR Rules with Antitrust Partner Kara Kuritz
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance into the Weeds: Autonomous AI Whistleblowing Misconduct
REFRESH Nonprofit Basics: Federal Tax Filing Deadlines and Penalties
(Podcast) California Employment News: Back to the Basics of Employee Pay Days
California Employment News: Back to the Basics of Employee Pay Days
Nonprofit Quick Tip: State Filings in Virginia and West Virginia
Great Women in Compliance: Creating Space to Speak Up: The Story Behind Psst.org
REFRESH Nonprofit Basics: Insider Transactions and Nonprofits
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: North Dakota Passes Law...more
On February 20, 2025, the Polish Personal Data Protection Office (UODO) published an updated version of the guide on personal data protection breaches. The first edition was released in 2018. The latest version...more
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
In today's digital era, the volume of electronic data generated by organizations is staggering. For law firms conducting due diligence, managing this data while ensuring compliance with stringent data privacy regulations is a...more
The European Union published on July 12, 2024 the final text of its Artificial Intelligence (AI) Act, in force on August 1, 2024, which will implement material cybersecurity and incident reporting requirements, among other...more
In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our article titled An Introduction to the EU AI Act, we focused on applicability, thresholds, timing, and penalties related to the EU...more
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
On February 23, 2022, the European Commission released a proposal for the Corporate Sustainability Due Diligence Directive (CSDDD or the Directive). The Directive aims to mandate both EU and non-EU companies that conduct...more
ANTITRUST AND COMPETITION - The European Commission’s Merger Simplification Package Enters Into Force - On 20 April 2023, the European Commission (Commission) adopted a new legislative package that entered into force on 1...more
To paraphrase what Ben Franklin may have been alluding to nearly 300 years ago in his famous quote, often the best approach when it comes to reducing the risk of litigation and government enforcement proceedings is to take...more
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches. ...more
Whistleblowing in Europe has been governed by country-specific regulations, some of which differed widely in terms of content. A number of Member States did not even have a dedicated generally applicable protection system in...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
Takeaway: Although the enactment of the Italian Sunshine Act furthers the global expansion of healthcare transparency, the implied consent provision may not comply with the GDPR....more
We’ve had two seismic, discipline-altering events in Records Management in the last 20 years: 2006: change to the Federal Rules of Civil Procedures brought electronic records management to the forefront. 2011:...more
Adoption of a new law improving the protection of whistleblowers in companies with more than 50 employees. The law implements an EU directive and goes beyond the European requirements. A whistleblower remains a "natural...more
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
Despite political and economic uncertainties, markets and deal activity were resilient in 2019, and strong fundamentals remain in place heading into 2020. Companies continue to face a challenging litigation and enforcement...more
On 1 February, 2019, the National Information Security Standardization Technical Committee issued an amended version of the GB/T 35372-2017 Information Technology – Personal Information Security Specification for public...more
Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
Why does this topic matter to organisations? Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
We are pleased to announce the launch of our UK Employment Flash, covering the latest employment law developments, news and insights from the U.K. Our inaugural issue includes commentary on the U.K. government's proposed...more
Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data...more
Datenschutzgrundverordnung stark im Zeichen des Datenschutzes. Viele Unternehmen hatten die Mammut-Aufgabe, die relevanten Anforderungen des Datenschutzes an die Verarbeitung personenbezogener Daten umzusetzen. ...more