DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
As part of Data Privacy Awareness Week, Ward and Smith is spotlighting the most common types of data breaches that businesses encounter. In Part 1, we explored the industries most vulnerable to cyberattacks, highlighting the...more
It is no secret that ransomware dominates headlines, and cybersecurity incidents have become part of our everyday language. However, the criminal “business model” behind ransomware keeps evolving. Originally published in...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
The European Commission’s adoption on 23 October 2024 of the two regulations (Regulations) supplementing the [the Regulation on digital operational resilience for the financial sector Publications Office (europa.eu)] (DORA)...more
The New York Department of Financial Services (DFS) has issued guidance, in the form of an industry letter, on addressing cybersecurity risks arising from artificial intelligence (AI) under its cybersecurity regulation, 23...more
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
Share on Twitter Print Share by Email Share Back to top “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” Those were among the remarks that U.S. Securities and...more
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...more
When negotiating technology or data services contracts, businesses of all sizes and industries are now spending more time and attention on privacy controls. The increasing prevalence of comprehensive U.S. state privacy laws...more
The SEC continued its recent onslaught of proposed cybersecurity rules in mid-March with three new proposals covering a litany of entities, including investment advisers, broker-dealers, investment companies, clearing...more
The global cyber threat landscape is rapidly evolving. The number of attacks, threat vectors, and endpoints continues to grow exponentially alongside the average time to detect and respond to a security incident. Today,...more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
Organizations experiencing a security incident must grapple with numerous competing issues simultaneously, usually under a very tight timeframe and the pressure of significant business disruption. Engaging qualified service...more
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
The SEC, through its Office of Compliance Inspections and Examinations (“OCIE”), recently issued its most detailed cyber guidance to date. OCIE had previously issued several cybersecurity risk alerts over the past few years....more
We all know that businesses rely on a large number of third-party vendors to support their business operations. Many of these third parties require access to a company’s data and its internal information and technology...more
In light of a recent Wipro data breach, Wipro’s customers should move quickly to take operational and contractual precautions to help minimize the breach’s potential effects on their organizations. Wipro, the India-based...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
Although organizations have dealt with privacy issues for years, only in the past decade have they begun to view the complexities of privacy as requiring formal organizational structure, dedicated employees, and/or dedicated...more
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more
What Is GDPR?- The EU General Data Protection Regulation (GDPR),—described as “the most important change in data privacy regulation in 20 years”—becomes enforceable by law on May 25, 2018. After four years of preparation...more
Data breaches are a reality that all businesses need to take seriously. Knowing your vulnerabilities is only part of the solution. You and your key stakeholders should be prepared with an incident response plan that defines...more
On Dec. 28, 2016, the New York State Department of Financial Services (NYDFS) published a revised version of its “Cybersecurity Requirements for Financial Services Companies” (the “Regulations”). The revised Regulations...more
We are thrilled to bring you the third installment of Stinson Leonard Street's Emerging Trends newsletter. We are proud of the depth and breadth of experience and knowledge across our firm's 13 offices nationwide and are...more
On September 13, 2016, the New York State Department of Financial Services (DFS) proposed new rules that would require certain “Covered Entities” to establish and implement cybersecurity programs designed to protect nonpublic...more