Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 2 - Risk Assessment
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC
Compliance Tip of the Day: COSO Framework
#Risk New York Speaker Series: Exploring AI Risks in Compliance with Gwen Hassan
Healthcare Enterprise Risk Management
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
On July 23, 2025, the Trump Administration released its AI Action Plan (“the Plan”), a long-anticipated roadmap for the federal government’s approach to AI governance that presents a number of implications for businesses...more
During a Board Meeting on July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously approved the long-awaited final text of its second rulemaking package, implementing a broad swath of new requirements...more
Join Thora Johnson and Jeremy Sherer to learn about: Evaluating compliance through privacy notices Key questions to address, from leadership accountability to employee training...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board voted to approve a long-awaited rulemaking package imposing substantial new compliance obligations on businesses subject to the California Consumer...more
At its latest meeting, the CPPA voted to finalize its regulations governing automated decisionmaking tools, cybersecurity audits, and privacy risk assessments - On July 24, the California Privacy Protection Agency ("CPPA")...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously adopted a comprehensive rulemaking package under the California Consumer Privacy Act (CCPA) that primarily addresses automated decisionmaking...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board approved a final package of amendments to the regulations implementing the California Consumer Privacy Act (CCPA). These sweeping changes impose...more
We have repeatedly warned our readers about the risks associated with TikTok. We are reminding our readers that the popular Temu app raises the same concerns....more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board held a public meeting to finalize major amendments to the CCPA regulations, including rules on Automated Decision-Making Technology (ADMT), risk...more
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) unanimously voted to adopt a package of Proposed Regulations for the California Consumer Privacy Act (“CCPA”), marking a significant development in...more
On July 24, 2025, during its scheduled Board Meeting, the California Privacy Protection Agency (CPPA) Board voted unanimously to finalize rules governing the use of automated decision-making technology, risk assessments,...more
“You don’t rise to the level of your goals. You fall to the level of your systems.” — James Clear - Most security programs look good on paper. Policies exist. Controls are mapped. Frameworks are followed. Audits get...more
As the California Privacy Protection Agency (CPPA) prepares for its July 24, 2025, meeting, it released a revised set of California Consumer Privacy Act (CCPA) regulations that contain modest changes to the ones it released...more
The Registration, Inspections and Examinations Division (“RIE”) of the Ontario Securities Commission (“OSC”) has released its 2025 examination priorities, which are informed by the OSC’s 2024-2030 Strategic Plan as well as...more
I didn’t plan on working in cybersecurity. My path wasn’t exactly traditional, but every job I had taught me how systems break—technical or operational, it didn’t matter. ...more
The European Banking Authority (EBA) has published its spring 2025 risk assessment report alongside a press release, outlining key developments and emerging risks within the European Union/European Economic Area (EU/EEA). The...more
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Defense Cyber Crime Center (DC3) published a...more
The FDA has finalized its guidance on cybersecurity for medical device premarket submissions, providing additional insight into the agency’s expectations for how manufacturers integrate cybersecurity risk management into...more
Most organizations rely on complex supply chains, and that reliance has become a point of vulnerability for cyberattacks. This spring, we have witnessed a large-scale cyberattack on a major British multinational retailer due...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its...more
The 2025 Mitratech Third-Party Risk Management (TPRM) Study conveys a clear message: the third-party risk landscape is evolving into a complex, interconnected ecosystem — one where every vendor, supplier, and partner plays a...more
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more