From Forest to Fortune: Navigating Workplace Ethics With Robin Hood — Hiring to Firing Podcast
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Episode 381 -- NAVEX's 2025 Annual Hotline Report
AI and the False Claims Act
Disparate Impact & Enforcement Rollbacks: What’s the Tea in L&E?
What’s in Your Operating Agreement? Legal Tips for Healthcare Providers
Compliance Tip of the Day: AI and 3rd Party Risk Management
Daily Compliance News: July 31, 2025 the Forgotten Generation Edition
A New Brand of Uncertainty? — PE Pathways Podcast
The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Breaking the Cycle: Flooding, Infrastructure, and Climate Law in Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
Understanding BBB Ratings: Building Trust and Mitigating Risks — Regulatory Oversight Podcast
Compliance Tip of the Day: Bringing Predictive Analytics into Your Compliance Regime
Innovation in Compliance: Scaling Compliance Programs: Insights from a Navy Veteran and Compliance Leader
Daily Compliance News: July 29, 2025 the Is CEO Conduct Ever Personal Edition
Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
False Claims Act Insights - The Mathematics of Nuclear FCA Verdicts
Compliance Tip of the Day: Strategies for Embedding Compliance into your Organization
Most organizations rely on complex supply chains, and that reliance has become a point of vulnerability for cyberattacks. This spring, we have witnessed a large-scale cyberattack on a major British multinational retailer due...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more
When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
Cyber threats aren’t a distant possibility — they’re a daily reality. And according to IBM’s Cost of a Data Breach Report, they’re costing businesses more than ever. The global average data breach cost has surged to $4.88...more
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
What exactly is data exfiltration, and why should organizations be concerned about it? Data exfiltration is the movement or migration of company-owned trade secrets or intellectual property outside of the enterprise. It...more
In boardrooms, C-suites, and conference rooms across the country, the rapid pace of AI innovation is capturing the imagination of business leaders. Yet, amid this enthusiasm, there is a concerning trend, namely that many...more
Background - On March 21, 2025, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced a settlement with Health Fitness Corporation (“Health Fitness”), a company that provides wellness...more
Even the strongest IT/DR plans can fail if they aren’t proactive about avoiding these common mistakes. When systems go down, business grinds to a halt. Downtime leads to $9,000 in losses per minute on average, damaged...more
When law firms or legal departments face crises, whether that be a data breach exposing client information, allegations of professional misconduct, a high-profile case gone awry or something truly unexpected, strong...more
Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI,...more
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more
On February 20, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $1.5 million civil money penalty (CMP) against Warby Parker, Inc. (WP). WP is a manufacturer and online...more
North Korean IT operatives are infiltrating U.S. and Western companies using stolen or fabricated identities, VPNs, and U.S.-based co-conspirators to gain unauthorized access to corporate systems. These insider threats pose...more
A recent cyberattack on a Michigan township has exposed weaknesses in the bond-closing process. In this incident, hackers stole over $25 million in bond proceeds by using spoofed email addresses to provide fraudulent wire...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
Today’s interconnected world presents significant challenges for managing cross-border e-discovery and data breach investigations. These processes—critical for legal proceedings and cybersecurity—are often complicated by...more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more