DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Two recent high profile settlements signal that the Federal Trade Commission (“FTC”) will continue to aggressively enforce violations of the Children’s Online Privacy Protection Act (“COPPA”). In a particularly high-profile...more
On August 28th, Mandiant issued an update to its previous Salesloft Drift advisory. Therein, Mandiant discussed that Salesloft issued a security notification on Aug. 26 regarding its Drift application. At that time, it...more
Salesloft issued a security notification on August 26 regarding its Drift application. It appears to be a broad opportunistic attack on Salesloft/Drift instances integrated with Salesforce tenants. Salesloft issued updates...more
The U.S. Department of Treasury (Treasury) released final and proposed regulations under § 861 of the Code addressing the U.S. federal income tax classification of digital content and cloud computing transactions (the “Final...more
The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation. With effect from 17 January 2025, a broad range of EU...more
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
With under six months to go until the European Union Digital Operational Resilience Act (DORA) becomes applicable on 17 January 2025, DORA implementation projects are running full steam ahead. DORA lays down uniform...more
UPDATE: On April 11, the Department of Education (Department) published a blog post updating the latest Third-Party Services (TPS) Dear Colleague Letter (DCL) which was published on February 15, 2023 (updated February 28,...more
As we explained in our last post, managing ediscovery in the cloud is the only viable solution for dealing with the massive amount of electronic data involved in litigation today. Nextpoint has been an advocate for...more
Retailers, financial services firms, and many other companies utilize third party session replay software to maintain a record of interactions with visitors to their websites for a variety of useful purposes, including to...more
As more and more SaaS providers, in digital health, fintech, and other industries, look for ways to integrate with and offer third-party applications (in their quest for powerful network effects), they eventually reach a...more
As defined by Gartner, Shadow IT refers to IT devices, software and services outside the ownership or control of information technology (IT) organizations. These are any IT projects that are managed outside of – and...more
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
The Justice Department’s National Security Division used the SAP comprehensive settlement of export control and sanctions violations to send a message – a loud and clear one....more
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
Planning for a change in service providers can sometimes feel like a logistical nightmare, but with proper planning and a long-term outlook, you can ward off operational issues that may arise during the process of...more
Vendor management is a complex task, yet a necessary undertaking for any organization dealing with third parties. ...more
A wide variety of business and consumer platforms host mutually beneficial ecosystems. But these ecosystems are also fraught with antitrust risk that arises when platforms try to terminate or modify the terms of third-party...more
ANALYSIS - Maximizing Teleconferencing Privacy - With much of the nation under orders that limit employees’ ability to go into the office, organizations around the world are increasingly moving entire businesses online...more
Are you about to sign a service agreement with a third-party service provider under which it will access and use technology of your company? Have you checked your applicable third-party contracts to see if you need any...more
January 14, 2020, the Board of Regents formally adopted Part 121 to the Commissioner’s Regulations to implement Education Law § 2-d. The regulation will become effective January 29, 2020. This regulation primarily addresses...more
Welcome - Welcome to the fourth 2019 issue of Product Lines – our quarterly e-newsletter that focuses on toxic torts and product liability issues. For this edition, we are reporting on several important and timely legal...more
On September 20, the U.S. Court of Federal Claims dismissed a $600 million copyright infringement claim against the U.S. Navy. Bitmanagement Software GMBH v. United States involved virtual reality software that the Navy...more
Delta Sues Software Provider Over Data Breach - Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
Last week the Department of Justice (DOJ) announced a $57 million settlement with electronic health record (EHR) software vendor Greenway Health LLC (Greenway). According to DOJ, Greenway violated the False Claims Act (FCA)...more