Compliance Tip of the Day: Bringing Predictive Analytics into Your Compliance Regime
Compliance into the Weeds: Sanctions Compliance Failures: Lessons from Harman International and Interactive Brokers
Sanctions Compliance Failures: Lessons from Harman International and Interactive Brokers
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 2 - Risk Assessment
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC
Compliance Tip of the Day: COSO Framework
#Risk New York Speaker Series: Exploring AI Risks in Compliance with Gwen Hassan
Healthcare Enterprise Risk Management
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
We have repeatedly warned our readers about the risks associated with TikTok. We are reminding our readers that the popular Temu app raises the same concerns....more
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
Key Takeaways - - The California Privacy Protection Agency (CPPA) is substantially revising its draft privacy regulations. - Definitions for automated decision-making technology (ADMT) and "significant decisions" are...more
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers...more
The California Privacy Protection Agency (CPPA) announced the formal public comment period for its latest proposed rulemaking package, which includes updates to existing regulations and introduces new guidelines for automated...more
The evolution of artificial intelligence (AI) has introduced systems capable of making autonomous decisions, known as agentic AI. While generative AI essentially “creates” – providing content such as text, images, etc. –...more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
Our Consumer Protection/FTC and Privacy, Cyber & Data Strategy teams unpack Starwood Hotels’ and Marriott International’s settlements with the Federal Trade Commission and Marriott’s settlement with state attorneys general...more
Are you responsible for privacy compliance at your company? This alert summarizes key takeaways from Paul Rothermel's recent presentation 10 Things You Should Know About Privacy, Consent, and HIPAA...more
On April 12, Nebraska Governor Jim Pillen signed Legislative Bill 1074 into law, making Nebraska the 16th U.S. state to enact a comprehensive privacy law. The Nebraska Data Privacy Act (NEDPA) will take effect on January 1,...more
The healthcare industry is among the most highly regulated industries when it comes to privacy protections. In addition to the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers also...more
On February 23, 2024, the California Privacy Protection Agency (CPPA) released updated draft regulations on the use of AI and ADMT. The key changes include: New and updated definitions, Increased scope for activities...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more
In December, the California Privacy Protection Agency (CPPA) published revised draft regulations on risk assessments required under the California Privacy Rights Act (CPRA). Under prior draft regulations, the CPPA will...more
The firm is pleased to distribute the Q4 2023 edition of All Eyes on AI: Regulatory, Litigation, and Transactional Developments, which closely follows the evolving regulatory landscape for artificial intelligence (AI) in the...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
The most recent meeting of the California Privacy Protection Agency was a lengthy one, with a jam-packed agenda. Part 1 of our look at what came out of that meeting is here. This post will analyze the discussion and draft...more
The California Privacy Protection Agency (“CPPA”) published a revised set of Draft Cybersecurity Audit Regulations ahead of the CPPA Board’s December 8, 2023 meeting. When the CPPA Board met on December 8, several key...more
The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming...more
In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more