For full functionality of this site it is necessary to enable JavaScript. Here are the instructions to help you enable JavaScript in your web browser.

Data Security

Risk Mitigation
Incident Response
Litigation

Feb. 1, 2023

Data Breaches and the Private Credit Market: Assessing Borrower Cyber Preparedness

Feb. 1, 2023

AI Governance Gets Real: Tips From a Chat Platform on Building a Program

Jan. 18, 2023

Electronic Communications, Cooperation Standards and Other Emerging Trends in the SEC’s Oversight of Private Funds

Jan. 11, 2023

A Ransomware Tabletop’s 360-Degree Incident Response View: Day Five Through Post-Mortem

Jan. 4, 2023

A Ransomware Tabletop’s 360-Degree Incident Response View: Days One to Four

Dec. 14, 2022

Recent FTC Cases Highlight Evolving Regulatory Expectations in the Use of Multi-Factor Authentication

Dec. 7, 2022

Google Settlement Shows DOJ's Increased Focus on Data Preservation

Nov. 30, 2022

Understanding and Implementing Privacy Audits

Nov. 16, 2022

Ransomware Evolution: Government Efforts and Cyber Insurance

Nov. 9, 2022

Ransomware Evolution: Growing Threats and Response Considerations

Oct. 26, 2022

Takeaways From the New Push for a Federal AI Law

Oct. 26, 2022

Navigating the Interplay of Breach Response and Breach Notification

Oct. 19, 2022

A New Era of Cyber Incident Reporting and Cybersecurity Regulation: How Companies Should Prepare and Engage

Oct. 12, 2022

A New Era of Cyber Incident Reporting and Cybersecurity Regulation: Key Provisions

Oct. 5, 2022

The Great Resignation: Cyber Risks in the Crypto Sector

Sep. 28, 2022

Using Software Bills of Materials to Bolster Security in Contracting

Sep. 28, 2022

The Increasing Threat of Supply Chain Cyberattacks: How to Avoid Being a Statistic

Sep. 21, 2022

Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund

Sep. 21, 2022

Trio of Settled Enforcement Actions Highlights SEC Concerns About Identity Theft Policies and Procedures

Sep. 14, 2022

Shaping the BIPA Landscape: Avoiding Liability

Sep. 07, 2022

Cyber Crisis Communications – “No Comment” Is Not an Option

Aug. 17, 2022

Understanding and Implementing DoD’s Cybersecurity Requirements

Aug. 17, 2022

The SEC’s 2022 Reg Flex Agendas: Major Proposals and Ambitious Timelines

Aug. 10, 2022

Protecting Against Crypto Theft

Jul. 27, 2022

A Checklist to Help Fund Managers Assess Their Cybersecurity Programs

Jul. 27, 2022

Employee Data Under the CPRA: Rights Requests, Privacy Policies and Enforcement

Jul. 20, 2022

Corporate Compliance and Enforcement Hot Topics With IBM VP Una Dean

Jul. 20, 2022

Employee Data Under the CPRA: Key Rights and Restrictions

Jul. 13, 2022

CPRA Draft Regulations: Essential Takeaways and 10 Actions to Take Now

Jul. 13, 2022

New AI Rules: Five Compliance Takeaways

Jun. 22, 2022

New AI Rules: States Require Notice and Records, Feds Urge Monitoring and Vetting

Jun. 15, 2022

New AI Rules: NYC First to Mandate Audit

Jun. 8, 2022

Revised DOJ Guidance Clarifies Liability Protections for Good-Faith Security Research

Jun. 1, 2022

Tesco Is Making Big Strides With Little Learning Leaps

May 18, 2022

Navigating the Intersection of Blockchain and Data Privacy Laws

May 4, 2022

Cybersecurity and Privacy Teams Join to Create Data Governance Councils

May 4, 2022

Effective Use of Privacy Impact Assessments

Apr. 13, 2022

Advice From a CPO on Balancing Insider Threat Management and Privacy

Apr. 6, 2022

How to Measure Whether Your Company Is Ready to Catch Lots of Phish

Mar. 30, 2022

As Email Scams Surge, Training Lessons From 115 Million Phishing Messages

Mar. 30, 2022

Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements

Mar. 16, 2022

Securing Emerging Technologies Without Hampering Innovation: Government Initiatives and How Companies Can Adapt

Mar. 9, 2022

Securing Emerging Technologies Without Hampering Innovation: Private Sector Challenges

Mar. 2, 2022

Prioritizing Public-Private Partnerships in an Increasingly Complex Regulatory Environment

Feb. 23, 2022

Limiting Data Breach Liability in Cloud Service Agreements

Jan. 26, 2022

Lessons From SolarWinds

Jan. 19, 2022

Privacy Resolutions for 2022

Jan. 19, 2022

Privacy and Security Due Diligence in M&A Transactions: Going Beyond the Questionnaire

Jan. 12, 2022

Cybersecurity Resolutions for 2022

Jan. 5, 2022

Using Technology to Build in Data Governance for Improved Security and Privacy

Jan. 5, 2022

A Guide to Privacy Frameworks: Implementation and Maintenance

Dec. 15, 2021

Understanding Differential Privacy

Dec. 15, 2021

A Guide to Privacy Frameworks: Finding the Best Fit

Dec. 8, 2021

Privacy Tech Products Hold Promise but Sector Faces Hurdles

Dec. 8, 2021

A Guide to Privacy Frameworks: Examining Options

Nov. 17, 2021

Data Localization: Cybersecurity Challenges Abound

Nov. 17, 2021

Practical Approaches to Conducting Transfer Impact Assessments Under the GDPR

Nov. 10, 2021

Data Localization: New Compliance Headaches and Costs Across the Globe

Nov. 10, 2021

Cyber Insurance Litigation Trends Amid Rising Ransomware Attacks

Nov. 3, 2021

Checklist for Building an Identity-Centric Cybersecurity Framework

Nov. 3, 2021

Data Localization: Laws Spread and Enforcement Rises

Oct. 27, 2021

IOSCO Issues Final Guidance on AI and Machine Learning

Oct. 6, 2021

How to Build Insider Risk Programs to Satisfy Global Employee Privacy Laws

Oct. 6, 2021

Fund Managers Must Ensure Adequate Security Measures Under Safeguards Rule or Risk SEC Enforcement Action

Sep. 29, 2021

Resilience CEO Explains Insurance Industry’s Ambitious Initiative to Bolster the Nation’s Cybersecurity

Sep. 29, 2021

SEC Cybersecurity Disclosure Enforcement Heats Up: Best Practices

Sep. 22, 2021

Jacki Cheslow on IEEE’s Remote Program Assessment

Sep. 22, 2021

Examining the Intersection of Voiceprints and Data Privacy Laws

Sep. 15, 2021

Essential Technology Contract Elements

Sep. 15, 2021

Electronic Communications: Using Third Parties for Compliance, Mitigating Social Media Risks and Fulfilling Document Requests

Sep. 15, 2021

Leadership Insights From CPOs at Google, J.P. Morgan and Dow Jones

Sep. 8, 2021

Imperva’s Global Data Privacy Officer Discusses Privacy by Design

Aug. 18, 2021

A Look Inside Businesses’ Private Disputes Over Ransomware Costs

Aug. 4, 2021

Evaluating Privacy and Cybersecurity Risks in Emerging Technology Transactions: Artificial Intelligence and EdTech

Jul. 28, 2021

Adopting a Cloud-First Mindset: How Operational Resilience and Security Issues Change Without On-Premises Infrastructure

Jul. 28, 2021

Incident Response in the Financial Services Industry

Jul. 21, 2021

Understanding Common Hacking Techniques and Forensic Analysis

Jun. 23, 2021

How the NYDFS Drives Cybersecurity in the Financial Services Industry

Jun. 2, 2021

Post-COVID Compliance Strategies: Dealing With Persistent Heightened Risks

Jun. 2, 2021

AI Compliance Playbook: Adapting the Three Lines Framework for AI Innovations

May 26, 2021

CISA and DHS Counsel Explain Cybersecurity Executive Order’s Key Provisions

May 19, 2021

Cybersecurity in a 5G World: Tackling the Challenges With Revised Strategies

May 19, 2021

Negotiating Reps, Warranties and Remedies in Technology Contracts

May 12, 2021

How Law Firms Can Prevent, Detect, and Respond to Ransomware Attacks

May 12, 2021

How Three Companies Embarked on AI Compliance Journeys

May 5, 2021

Two Settlements Show NYDFS’ Hidden Power to Use Other States’ Breach Laws

May 5, 2021

Doing More With Less: Tools for Managing Third-Party Risk With Scarce Resources

Apr. 28, 2021

AI Compliance Playbook: Understanding Algorithm Audits

Apr. 28, 2021

Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia

Apr. 21, 2021

AI Compliance Playbook: Seven Questions to Ask Before Regulators or Reporters Do

Apr. 14, 2021

AI Compliance Playbook: Traditional Risk Controls for Cutting-Edge Algorithms

Apr. 7, 2021

Former Twitter and eBay Counsel Talks Overblown Fears, Third-Party Data Management, and CDA Section 230

Mar. 31, 2021

How Do You Put a System of Controls in Place When Your Target Keeps Moving?

Mar. 31, 2021

Managing Vendor Contracts From the Data Controller's Perspective

Mar. 24, 2021

Digital Identity Management in a Post-Pandemic World: A Framework for Identity-Centric Cybersecurity

Mar. 24, 2021

Privacy and Security Provisions in Vendor Agreements: Key Data Processing Considerations

Mar. 17, 2021

Virtual Currencies: Opening a New Avenue for Financial Crimes

Mar. 17, 2021

Digital Identity Management in a Post-Pandemic World: SolarWinds, Zero Trust and the Challenges Ahead

Mar. 17, 2021

Privacy and Security Provisions in Vendor Agreements: Assessing the Risks

Mar. 10, 2021

Preparing for the CPRA’s New Consumer Rights Requirements

Mar. 10, 2021

AI for Compliance: Five Workarounds for Asymmetric Data Sets

Mar. 10, 2021

Familiar and Fresh Mandates in Virginia’s New Privacy Law

Mar. 3, 2021

Six Ways to Address Privacy Concerns in Biometric Vendor Contracts

Feb. 17, 2021

A Fake Zoom Invite Hack: Eight More Lessons

Feb. 17, 2021

Wray Highlights Benefits of FBI Coordination With Public and Private Sectors

Feb. 10, 2021

A Fake Zoom Invite Hack: What Happened and Three Lessons

Feb. 10, 2021

What the New Information Security Reporting Standards Mean for Financial Institutions

Feb. 3, 2021

Getting Started With CMMC: How to Prepare and What to Expect From the Assessment

Feb. 3, 2021

How to Prevent and Handle Disputes Over Ransomware Insurance Claims

Jan. 27, 2021

Getting Started With CMMC: Understanding Goals, Requirements and Challenges

Jan. 20, 2021

eDiscovery in Multi-Jurisdictional Investigations: Preparing to Play Multi-Level Chess

Jan. 20, 2021

Privacy Resolutions for 2021

Jan. 13, 2021

Checklist for IoT Security Audits

Jan. 13, 2021

Cybersecurity Resolutions for 2021

Jan. 13, 2021

Can the Cybersecurity Industry Improve Cooperation to Beat Threats?

Jan. 6, 2021

Maintaining Privacy While Staying Competitive in an Evolving Regulatory Landscape

Jan. 6, 2021

Six Practical Tips for Building an Effective Privacy Risk Assessment Program

Dec. 16, 2020

How Will the Biden Administration’s Approach to Cybersecurity Impact the Private Sector?

Nov. 18, 2020

Asset Disposal and Vendor Management Lessons From Morgan Stanley's OCC Settlement

Nov. 18, 2020

Show Me the Data: How to Conduct Audits for Data Minimization

Nov. 4, 2020

A Guided Tour of Enterprise IoT Device Hazards

Nov. 4, 2020

Vulnerability Management: Increasing Communication to Prevent Problems From Hiding in Plain Sight

Oct. 28, 2020

Vulnerability Management: Understanding the Risks of External Scanning

Oct. 21, 2020

Steps to Take After OFAC and FinCEN’s Warnings on Ransomware Payoffs

Oct. 21, 2020

Senior Commerce Official Discusses Supply Chain Security and Cyber Policy

Oct. 21, 2020

How Lockheed Uses Big Data to Evaluate Risk at Small Worksites

Oct. 14, 2020

Vulnerability Management: What You Don’t Know From Your External Scans Can Be Used Against You

Oct. 7, 2020

Avoiding Denial of Insurance Claims During the Pandemic

Oct. 7, 2020

How to Address Intensifying Enterprise IoT Security Risks

Oct. 7, 2020

Tips and New Benchmarks for Creating Effective Tabletop Exercises

Sep. 16, 2020

Four Principles Underlying Microsoft’s Compliance Analytics Program

Sep. 16, 2020

How Can Your Firm Avoid Being the Next Target of a Cultural Engineering Attack?

Sep. 9, 2020

IOSCO Offers Six Risk Mitigation Measures for AI and Machine Learning

Sep. 2, 2020

Understanding and Evaluating Cyber Insurance in an Evolving Market

Sep. 2, 2020

Business Continuity Plans, Budgets and More: Hot Compliance Topics for Investment Advisers

Aug. 12, 2020

Six Compliance Lessons From NYDFS’ First Cybersecurity Regulation Enforcement Action

Aug. 5, 2020

How to Achieve Trustworthy AI Using the European Commission’s Final Assessment List

Aug. 5, 2020

CCPA and Online Ads: Contract and Compliance Consequences

Jul. 29, 2020

CCPA and Online Ads: Facebook Finally Acts, AG Starts Enforcement

Jul. 29, 2020

Evolution and Mitigation of Insider Cyber Threats During COVID-19

Jul. 22, 2020

Business Continuity Planning: Key Provisions and Third-Party Considerations

Jul. 15, 2020

Back to the Table: CCPA Regulations Spark New Wave of Service-Provider Negotiations

Jun. 24, 2020

Perspectives From the Public and Private Sectors on Information Sharing During COVID-19

Jun. 17, 2020

The Current State and Future of AI Regulation

Jun. 3, 2020

How CISOs Can Use Digital Asset Metrics to Tell a Coherent Cyber Story to the Board

May 27, 2020

Insights on Building a Compliance Program at a New Company

May 27, 2020

How to Facilitate a Safe and Privacy Compliant Return to Work: Contact Tracing

May 13, 2020

Setting Your Company Up to Win Cyber Insurance Battles

May 13, 2020

NIST Privacy Framework: Privacy Controls for an Era of Digital Transformation

May 6, 2020

How Asset Managers and Others Can Mitigate Pandemic-Related Operational Risks and Maintain Business Continuity

May 6, 2020

NIST Privacy Framework: Insights on New Tool for Managing Privacy Risks

Apr. 29, 2020

Understanding Insider Trading Based on Data Breaches Amidst Heightened Regulatory Scrutiny

Apr. 29, 2020

The Pandemic Effect: How Compliance and Enforcement Are Evolving

Apr. 15, 2020

Six Ways to Be Prepared for the SEC’s Focus on Cybersecurity and Resiliency

Apr. 8, 2020

Wide-Ranging Lessons From Notable Breaches in Q1

Apr. 8, 2020

DOJ Guidance on How Companies Should Pursue Stolen Data on the Dark Web

Apr. 1, 2020

When Do Force Majeure Clauses Excuse Performance?

Mar. 25, 2020

Are Companies Turning a Blind Eye to Their Lost Data on the Dark Web?

Mar. 25, 2020

Companywide Work From Home: Six Cybersecurity Considerations

Mar. 18, 2020

The Ongoing Complexity of Vendor Risk: Top 5 Considerations for C-Level Leaders

Mar. 18, 2020

The Keys to Encryption: Effective Policies, Legal’s Role and Third Parties

Mar. 11, 2020

The Keys to Encryption: Legal and Regulatory Framework

Mar. 11, 2020

Privacy and Cyber Due Diligence in M&A Transactions

Mar. 11, 2020

NIST’s New IoT Standard: Inspiring a Wave of New Device Security Guidance

Mar. 4, 2020

The Keys to Encryption: Uses and Implementation Challenges

Mar. 4, 2020

Safeguards for Proper Disposal of Hardware: Effective Inventories, Policies and Due Diligence

Mar. 4, 2020

NIST’s New IoT Standard: Boosting Security As States Launch Laws

Feb. 19, 2020

Best Practices for Using Alternative Data: Mitigating Regulatory Risks

Feb. 12, 2020

Compliance Records Are a Strategic Gold Mine

Feb. 12, 2020

Best Practices for Using Alternative Data: Collection and Provider Management

Feb. 5, 2020

The Rise of Facial Recognition Technology: Mitigating Risk

Feb. 5, 2020

Defining, Implementing and Documenting “Reasonable Security”

Jan. 29, 2020

The Rise of Facial Recognition Technology: Mapping the Legal Framework

Jan. 22, 2020

The Rise of Facial Recognition Technology: Uses and Risks

Jan. 15, 2020

When Does Social Engineering Fraud Qualify for Insurance Coverage?

Jan. 8, 2020

How eBay and PayPal Use Key Performance Indicators to Evaluate and Improve Privacy Programs

Dec. 18, 2019

A New Norm: Prescriptive FTC Settlement With InfoTrax Addresses Reasonable Security Measures

Dec. 11, 2019

How to Handle E.U. Data Subject Access Requests

Dec. 11, 2019

Not Just GDPR: Examining the Other European Privacy Laws

Dec. 4, 2019

What Cyber Insurance Covers, What to Watch For and How to Get the Right Policy

Dec. 4, 2019

U.K. and U.S. Sign First E-Evidence Pact Under the CLOUD Act: A Look at the Privacy Protections

Nov. 20, 2019

AI for Fund Managers and Beyond: How to Automate the Legal Department and Maintain Privacy

Nov. 13, 2019

Updating Cyber Policies to Align With Recent SEC Exams and Guidance

Nov. 13, 2019

Updating Vendor Agreements to Comply With CCPA: Non-Third Parties and Key Steps

Nov. 6, 2019

Updating Vendor Agreements to Comply With CCPA: Service-Provider Exemption and Corporate Approaches

Nov. 6, 2019

Choosing Cybersecurity Insurance in a New Risk Environment

Oct. 30, 2019

Reconciling Technology Development, Security and the Lawyer’s Role

Oct. 30, 2019

Guide to Cybersecurity Training: Assessing Effectiveness and Avoiding Pitfalls

Oct. 23, 2019

ICO Enforcement Takeaways After Marriott and British Airways

Oct. 23, 2019

CFTC Issues $1.5-Million Fine After Phishing Attack

Oct. 16, 2019

How Much Cyber Insurance to Buy Based on How Claims Are Paid

Oct. 16, 2019

How Uber, eBay and Pitney Bowes Built Principles-Based Global Privacy Programs

Oct. 9, 2019

DOJ Spotlights Emerging Issues and Protection Strategies Around Business Email Compromise Attacks

Oct. 2, 2019

CCPA Close-Up: Review of Amendments and How to Prepare for Compliance

Sep. 25, 2019

Vulnerability Disclosure Policies: A Cost-Effective Best Practice for Cybersecurity

Sep. 18, 2019

Strategies and Tactics for Developing an Effective Tabletop Exercise (Part One of Two)

Sep. 11, 2019

Using “Red-Teaming” to Test and Improve Cyber Defenses

Aug. 21, 2019

Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA

Aug. 14, 2019

Capital One Breach Demonstrates Risk of Overlooking Vulnerabilities When Sending Data to the Cloud

Aug. 7, 2019

Report Shows Strategic Buy-In From Executive Leadership Is the Key Driver of Successful Risk Mitigation

Aug. 7, 2019

Lessons From SDNY Ruling on How to Preserve Privileged Communications With Attorney Consultants

Aug. 7, 2019

How Facebook’s $5-Billion FTC Settlement Is Shaping Compliance Expectations

Jul. 17, 2019

Maine Enacts Sweeping Broadband Customer Privacy Law

Jun. 26, 2019

Preparing for the Latest SEC Cyber Sweeps

Jun. 19, 2019

Tips From Lockheed and Groupon on Developing GC-CISO Partnerships to Improve Security and Incident Response

Jun. 12, 2019

Dos and Don’ts of Choosing a Cyber Insurance Broker and Navigating the Application Process

Jun. 12, 2019

CCPA Priorities: Tackling Data Subject Rights Requests and Vendors

May 29, 2019

FINRA RegTech Conference Examines Digital Identification, Suspicious Activity Reporting and Machine Learning

May 15, 2019

What Does It Mean to Be Technologically Competent?

May 8, 2019

Making the Case for Increased Privacy Budgets Using Data and Diplomacy

Apr. 17, 2019

Guidelines for Securing Effective Cyber Insurance Policy Terms

Apr. 17, 2019

GPEN Report Highlights Key Areas for Data Privacy Improvement

Apr. 3, 2019

FCA Evaluates Firms’ Cyber Resilience

Mar. 27, 2019

Navigating the Risks of Alternative Data Collection and Use

Mar. 27, 2019

Companies May Need to Re-Examine Approach to Breach Response Preparedness According to Experian Survey

Mar. 27, 2019

How Private Equity Firms Can Mitigate Portfolio Company Cybersecurity Risk

Mar. 20, 2019

Increased Post-Breach Discovery Turns Spotlight on Privilege

Mar. 13, 2019

Mitigating the Risks of Open-Source Software

Mar. 6, 2019

The NYDFS’ Cybersecurity Regulation’s Third-Party Requirement and Beyond

Mar. 6, 2019

Benefits and Risks of Open-Source Software and How the Financial Sector Is Using It

Feb. 27, 2019

Preparing for the CCPA: Securing Buy-In and Setting the Scope

Feb. 20, 2019

Implications of the Illinois Supreme Court’s BIPA Holding Against Six Flags

Feb. 20, 2019

ACA Aponix-NSCP Cyber Survey Finds Growing Numbers of Security Incidents, Cloud Use and Regulatory Burdens

Feb. 20, 2019

Fixing the Chinks in Companies’ Cyber Armor: Executives

Feb. 13, 2019

FINRA Report Addresses Common Cybersecurity Risks and Recommends Mitigation Measures

Feb. 13, 2019

Practical Ways to Incorporate Security Protection Into Supplier Agreements

Jan. 23, 2019

Illinois Federal Court Denies Standing in BIPA Claim Against Google

Jan. 16, 2019

How a New Ethics Rule and Error in Manafort Case Highlight the Importance of Lawyers’ Technology Competence

Jan. 16, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part Two of Two)

Jan. 9, 2019

Ten Cyber and Privacy Resolutions for the New Year

Jan. 9, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part One of Two)

Dec. 19, 2018

Ponemon Report Cites Third-Party Risk Management Shortfalls and Offers Best Practices

Dec. 12, 2018

Illinois Appellate Decision Creates Split on Standing to Sue Under BIPA

Dec. 12, 2018

Implications of a Dynamic Regulatory and Threat Environment on E.U. and U.S. Cyber Insurance Markets

Dec. 5, 2018

Tips from EY’s Forensics Team on Recognizing and Preventing BEC Attacks

Nov. 14, 2018

Negotiating SaaS Agreements

Nov. 7, 2018

How to Improve Risk Analysis in the Wake of the Anthem’s Record Settlement

Nov. 7, 2018

WhiteHat Report on the Software Lifecycle and Visa Bug Bounty Program Demonstrate the Need for Greater App Security

Oct. 24, 2018

The Hidden Requirements in NYDFS’ Cybersecurity Regulation

Oct. 17, 2018

Using Cyber Insurance to Mitigate Risk: Policy Management and Breach Response

Oct. 10, 2018

Lessons From the SEC’s First Red Flags Rule Settlement

Oct. 10, 2018

Using Cyber Insurance to Mitigate Risk: Getting Savvy About Cost and Policy Terms

Oct. 3, 2018

Lax Privacy Policies, Security Measures and Vendor Oversight Lead to FTC Settlement for Mobile Phone Manufacturer

Oct. 3, 2018

Using Cyber Insurance to Mitigate Risk: Finding an Insurer and Navigating the Application Process

Sep. 26, 2018

Five Takeaways From the Fiserv Wake-Up Call

Sep. 19, 2018

Measures for Resolving Business Disputes Over Data Privacy and Security

Sep. 19, 2018

Evolving Roles of Privacy and Security Professionals: Operationalizing Policies, Incident Response and Vendor Management

Sep. 12, 2018

Information Sharing in the Private Sector: Lessons From the Financial Services Industry

Sep. 5, 2018

How the GDPR Will Affect Private Funds’ Use of Alternative Data

Aug. 22, 2018

A Fund Manager’s Roadmap to Big Data: Privacy Concerns, Third Parties and Drones

Aug. 22, 2018

Protecting Against the Security Risks of Departing Employees

Aug. 15, 2018

Checklist Approach to Effective Third-Party Vendor Oversight

Aug. 8, 2018

Essential Cyber, Tech and Privacy M&A Due Diligence Considerations

Jul. 18, 2018

Overcoming Barriers to Cross-Border Data Flows, Contract Provisions and Other Digital Transformation Issues

Jul. 18, 2018

GDPR Essentials for the Financial Sector: Compliance Steps (Part Two of Three)

Jul. 11, 2018

Is Encryption Obligatory? HHS Upholds Texas Hospital $4.3M HIPAA Fine

Jul. 11, 2018

GDPR Essentials for the Financial Sector: Benchmarking and Assessing the Risks (Part One of Three)

Jun. 27, 2018

How to Maintain Effective and Secure Long-Term Vendor Relationships: Finding and Addressing the Issues (Part Two of Two)

Jun. 20, 2018

How to Maintain Effective and Secure Long-Term Vendor Relationships: Understanding the Risks (Part One of Two)

Jun. 6, 2018

Analyzing New and Amended State Breach Notification Laws

Jun. 6, 2018

What Lawyers Need to Know About Security Technologies and Techniques (Part Two of Three)

May 30, 2018

Understanding the Intersection of Law and Artificial Intelligence

May 30, 2018

Compliance 2.0: The Role of Data and Behavioral Science in Risk Management

May 16, 2018

Countdown to GDPR Enforcement: Final Steps and Looking Ahead

May 16, 2018

How to Ensure GDPR-Compliant Third-Party Relationships

Apr. 25, 2018

Eight Steps for Protecting Trade Secrets Across Global Enterprises

Apr. 18, 2018

When and How Legal and Information Security Should Engage on Cyber Strategy: Vendors and M&A (Part Three of Three)

Apr. 11, 2018

When and How Legal and Information Security Should Engage on Cyber Strategy: Assessments and Incident Response (Part Two of Three)

Mar. 28, 2018

When and How Legal and Information Security Should Engage on Cyber Strategy: It Starts With Governance (Part One of Three)

Mar. 28, 2018

Beware of False Friends: A Hedge Fund Manager’s Guide to Social Engineering Fraud

Mar. 28, 2018

Evaluating Cybersecurity Coverage in Light of the GDPR

Mar. 14, 2018

Developing an Effective Third-Party Management Program

Mar. 14, 2018

How Will the GDPR Affect Due Diligence?

Feb. 28, 2018

Financial Firms Must Supervise Their IT Providers to Avoid CFTC Enforcement Action

Feb. 14, 2018

Biometric Data Protection Laws and Litigation Strategies (Part Two of Two)

Feb. 14, 2018

NY AG and HHS Flex Regulatory Muscles in Recent Protected Health Information Breach Settlements

Jan. 31, 2018

Biometric Data Protection Laws and Litigation Strategies (Part One of Two)

Jan. 31, 2018

How to Make Data Work for You: A Conversation With a Law Firm’s Chief Data Analytics Officer and Its CISO

Jan. 17, 2018

NIST Program Manager Explains Pending Changes to Its Cybersecurity Framework

Dec. 20, 2017

Effective M&A Contract Drafting and Internal Cyber Diligence and Disclosure

Dec. 6, 2017

Actions Under Biometric Privacy Laws Highlight Related Risks

Dec. 6, 2017

How to Move Beyond a Checklist Approach to Third-Party Oversight

Nov. 8, 2017

How to Mitigate the Risks of Open-Source Software (Part Two of Two)

Nov. 8, 2017

IBM Cybersecurity Counsel Offers Techniques for Speaking the Same Language as the C-Suite When Managing Cyber Risk

Oct. 25, 2017

How to Mitigate the Risks of Open-Source Software (Part One of Two)

Oct. 25, 2017

Advice From Recruiters on How to Attract the Best and Brightest Security and Privacy Leadership

Oct. 25, 2017

How to Outsource Vulnerability Assessments to Hackers

Oct. 11, 2017

How to Successfully Incorporate the Role of the Chief Technology Officer

Oct. 11, 2017

FTC Launches Stick With Security Series, Adding Detail and Guidance to Its Start With Security Guide (Part Two of Two)

Oct. 11, 2017

Practical and Ethical Data-Protection Steps for Law Firms

Oct. 11, 2017

Lessons From the Equifax Breach on How to Bolster Incident Response Planning (Part Two of Two)

Sep. 27, 2017

FTC Settlements in Privacy Shield Cases and With Lenovo Over Use of “Man-in-the-Middle” Software Highlight Vigorous Enforcement Efforts

Sep. 27, 2017

Lessons From the Equifax Breach on How to Bolster Incident Response Planning (Part One of Two)

Sep. 27, 2017

Audit of Websites’ Security, Privacy and Consumer Practices Reveals Deficiencies Despite Overall Progress

Sep. 13, 2017

Unlocking Encryption: An Attorney Weighs in on Balancing Security and Practicality (Part Three of Three)

Sep. 13, 2017

Negotiating an Effective Cloud Service Agreement

Aug. 23, 2017

Unlocking Encryption: A CISO’s Perspective on Encryption As Only One Strategy (Part Two of Three)

Aug. 23, 2017

Inside Advice on the Growing Cyber Insurance Market for the Financial Sector

Aug. 9, 2017

How to Make an Informed Policy Selection in the Dynamic Cyber Insurance Market

Aug. 9, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part Two of Two)

Aug. 9, 2017

Identifying and Managing Third-Party Cybersecurity Risks for Asset Managers

Aug. 9, 2017

Unlocking Encryption: A Consultant’s View on Navigating Encryption Options and Persuading Reluctant Organizations (Part One of Three)

Jun. 3, 2015

Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans

Jul. 26, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)

Jul. 12, 2017

How Small Businesses Can Maximize Cybersecurity Protections and Prioritize Their Spending

Jun. 28, 2017

Cyber Crisis Communication Plans: What Works and What to Avoid (Part Two of Two)

Jun. 14, 2017

Navigating the Evolving Cyber Insurance Market

Jun. 14, 2017

Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?

Jun. 14, 2017

How Internal Audit Can Improve Cybersecurity

May 31, 2017

Using Big Data Legally and Ethically While Leveraging Its Value (Part Two of Two)

May 31, 2017

One Year Until GDPR Enforcement: Five Steps Companies Should Take Now

May 31, 2017

Advice on Incorporating Cybersecurity in eDiscovery

May 31, 2017

Defending Against the Rising Threat of Ransomware in the Wake of WannaCry

May 17, 2017

Tracking Data and Maximizing Its Potential

May 17, 2017

Using Big Data Legally and Ethically While Leveraging Its Value (Part One of Two)

May 17, 2017

Investigative Realities: Working Effectively With Forensic Firms (Part Two of Two)

May 3, 2017

Investigative Realities: Working Effectively With Forensic Firms (Part One of Two)

May 3, 2017

Infrastructure Cybersecurity Challenges: A View Through the Oil and Gas Pipeline Lens

Apr. 19, 2017

How to Ensure Cyber Risks Do Not Derail an IPO

Apr. 19, 2017

Effective and Compliant Employee Monitoring (Part Two of Two)

Apr. 19, 2017

What In-House and Outside Counsel Need to Know About ACC’s First Model Cybersecurity Practices for Law Firms

Apr. 5, 2017

Effective and Compliant Employee Monitoring (Part One of Two)

Apr. 5, 2017

Multimillion-Dollar Scheme Serves As Backdrop for Lessons on Preventing and Mitigating Phishing Attacks

Apr. 5, 2017

Proactive Steps to Prevent Legal Pitfalls in Bug Bounty Programs

Mar. 22, 2017

Forensic Firms: Effective Vetting and Collaboration (Part Three of Three)

Mar. 22, 2017

Assessing Regulatory Responsibility When Reporting Postmarket Cybersecurity “Corrections” to the FDA

Mar. 22, 2017

How to Establish and Manage a Successful Bug Bounty Program

Mar. 8, 2017

A Real-Life Scenario Offers Lessons on How to Handle a Breach From the Inside

Mar. 8, 2017

Forensic Firms: Key Contract Considerations and Terms (Part Two of Three)

Feb. 22, 2017

Forensic Firms: Understanding and Leveraging Their Expertise From the Start (Part One of Three)

Feb. 8, 2017

How Fund Managers Can Prepare for Investor Cybersecurity Due Diligence

Jan. 25, 2017

FTC Data Security Enforcement Year-In-Review: Do We Know What “Reasonable” Security Is Yet?

Jan. 11, 2017

Ten Cybersecurity Priorities for 2017

Dec. 14, 2016

Considerations for Managing Cybersecurity and Privacy Risk in Outsourcing Contracts

Dec. 14, 2016

Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity

Nov. 30, 2016

Attorney-Consultant Privilege? Structuring and Implementing the Kovel Arrangement (Part Two of Two)

Nov. 30, 2016

New NIST and DHS IoT Guidance Signal Regulatory Growth

Nov. 30, 2016

Using a Risk Assessment as a Critical Component of a Robust Cybersecurity Program (Part Two of Two)

Nov. 30, 2016

Exploring the New Frontier of International Regulations on Importing and Exporting Encryption Technology

Nov. 30, 2016

Tech Meets Legal Spotlight: What to Do When IT and Legal Slow the Retention of a Third-Party Vendor

Nov. 16, 2016

Using a Risk Assessment as a Critical Component of a Robust Cybersecurity Program (Part One of Two)

Nov. 16, 2016

WilmerHale Attorneys Explain the Evolving Cybersecurity Environment of the Energy Sector

Nov. 16, 2016

Attorney-Consultant Privilege? Key Considerations for Invoking the Kovel Doctrine (Part One of Two)

Nov. 16, 2016

Increasing Role of Counsel Among Operational Shifts Highlighted by Cyber Risk Management Survey

Nov. 2, 2016

How to Protect Against Weaponized Devices in Light of the Massive Denial-of-Service Attack

Nov. 2, 2016

Guide to Getting Your Security Program Certified Under ISO 27001

Nov. 2, 2016

FBI Veteran Discusses Using Law Enforcement’s Cyber Resources to Improve Security and Obtain Board Buy-In

Nov. 2, 2016

Advice From Blackstone and Tiffany CISOs on Fighting Cybercrime

Nov. 2, 2016

Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part Two of Two)

Oct. 5, 2016

Examining Newly Released Privacy and Security Guidance for the Fast-Driving Development of Autonomous Cars

Oct. 19, 2016

How the Financial Services Industry Can Handle Cybersecurity Threats, Acquisition Diligence and Breach Response

Oct. 19, 2016

Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part One of Two)

Oct. 19, 2016

Taking Action to Refocus on Security: Conversation With a CIO

Oct. 19, 2016

Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture

Oct. 5, 2016

ISAO Organization Releases a Roadmap to Cyber Threat Information Sharing

Oct. 5, 2016

Essential Cyber Due Diligence Considerations in M&A Deals Raised by Yahoo Breach

Sep. 21, 2016

What Private Companies Can Learn From the OPM Data Breaches

Sep. 21, 2016

Staying Cybersecure Without Mobile Device Management

Sep. 21, 2016

Learning How to Pick the Best Policy from Cyber Insurance Cases (Part Two of Two)

Sep. 7, 2016

What Cyber Insurance Cases Teach About Picking the Best Policy (Part One of Two)

Sep. 7, 2016

Using Information Sharing to Combat Cyber Crime While Protecting Privacy

Sep. 7, 2016

Navigating Online Identity Management’s Risks and Regulations

Sep. 7, 2016

Understanding Data Privacy and Cybersecurity in China (Part One of Two)

Aug. 24, 2016

Cybersecurity Due Diligence in M&A Is No Longer Optional

Aug. 24, 2016

Fulfilling the Ethical Duty of Technology Competence for Attorneys

Aug. 3, 2016

Key Post-Breach Shareholder Litigation, Disclosure and Insurance Selection Considerations

Aug. 3, 2016

Procedures for Hedge Fund Managers to Safeguard Trade Secrets From Rogue Employees

Jul. 20, 2016

How the Financial Services Industry Can Manage Cyber Risk

Jul. 20, 2016

Using Data Analytics to Combat Internal Cyber Threats

Jul. 6, 2016

Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow

Jul. 6, 2016

Mitigating Cyber Risk in M&A Deals and Third-Party Relationships

Jul. 6, 2016

Technology Leader Discusses How to Deal With the Growing Threat of Ransomware

Jul. 6, 2016

Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part Two of Two)

Jun. 22, 2016

Cyber Insurance Challenges Highlighted by Court’s Denial of P.F. Chang’s Claim

Jun. 22, 2016

Assistant Attorney General Leslie Caldwell Addresses the Challenges of Cross-Border Cooperation and Electronic Evidence Gathering

Jun. 22, 2016

Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part One of Two)

Jun. 8, 2016

Minimizing Class Action Risk in Breach Response

Jun. 8, 2016

Vendor Cyber Risk Management: 14 Key Contract Terms (Part Two of Two)

Jun. 8, 2016

Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes

Jun. 8, 2016

How Financial Service Providers Can Use Cyber Insurance to Mitigate Risk

May 25, 2016

A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Does Your Plan Work? (Part Three of Three)

May 25, 2016

Do You Know Where Your Employees Are? Tackling the Privacy and Security Challenges of Remote Working Arrangements

May 25, 2016

Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks

May 25, 2016

Vendor Cyber Risk Management: Nine Due Diligence Questions (Part One of Two)

May 11, 2016

Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach

May 11, 2016

A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: Seven Key Components (Part Two of Three)

Apr. 27, 2016

A Guide to Developing and Implementing a Successful Cyber Incident Response Plan: From Data Mapping to Evaluation (Part One of Three)

Apr. 27, 2016

Don’t Overlook Commercial General Liability Insurance to Defend a Data Breach

Apr. 27, 2016

Regulators Speak Candidly About Cybersecurity Trends, Priorities and Coordination

Apr. 13, 2016

A Look Inside the Cybersecurity and Privacy Law Department of a Top Defense Company

Apr. 13, 2016

Study Analyzes How Companies Can Overcome Cybersecurity Challenges and Create Business Value

Mar. 30, 2016

How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients

Mar. 30, 2016

Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

Mar. 16, 2016

CSIS’ James Lewis Discusses Balancing Law Enforcement and Privacy

Mar. 16, 2016

Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program (Part Three of Three)

Mar. 2, 2016

How the American Energy Industry Approaches Security and Emphasizes Information Sharing

Feb. 17, 2016

Cybersecurity Preparedness Is Now a Business Requirement

Jan. 20, 2016

Defining, Documenting and Measuring Compliance Program Effectiveness

Jan. 6, 2016

Opportunities and Challenges of the Long-Awaited Cybersecurity Act of 2015

Jan. 6, 2016

How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)

Dec. 9, 2015

Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part Two of Two)

Dec. 9, 2015

The Multifaceted Role of In-House Counsel in Cybersecurity

Dec. 9, 2015

Avoiding Privacy Pitfalls While Using Social Media for Internal Investigations

Nov. 25, 2015

How to Protect Intellectual Property and Confidential Information in the Supply Chain

Nov. 25, 2015

Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)

Nov. 25, 2015

Implementing an Effective Cloud Service Provider Compliance Program

Nov. 25, 2015

Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part One of Two)

Nov. 11, 2015

How to Reduce Cybersecurity Risks of Bring Your Own Device Policies (Part Two of Two)

Nov. 11, 2015

What Companies Can Learn from Cybersecurity Resources in Pittsburgh

Oct. 28, 2015

Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

Oct. 28, 2015

Transferring Risk Through the Right Cyber Insurance Coverage

Oct. 28, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

Oct. 14, 2015

Energy Industry Demonstrates Public-Private Cybersecurity Coordination

Oct. 14, 2015

How to Reduce the Cybersecurity Risks of Bring Your Own Device Policies (Part One of Two)

Oct. 14, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

Sep. 30, 2015

Protecting the Crown Jewels Using People, Processes and Technology

Sep. 30, 2015

Learning from the Target Data Breach About Effective Third-Party Risk Management (Part Two of Two)

Sep. 30, 2015

Protecting and Enforcing Trade Secrets in a Digital World

Sep. 16, 2015

How the Legal Industry Is Sharing Information to Combat Cyber Threats

Sep. 16, 2015

Learning from the Target Data Breach About Effective Third-Party Risk Management (Part One of Two)

Aug. 12, 2015

How the Hospitality Industry Confronts Cybersecurity Threats that Never Take Vacations

Aug. 12, 2015

Surveys Find Internal and Third-Party Cybersecurity Risks Among Top Executive Concerns

Jul. 29, 2015

How to Prevent and Manage Ransomware Attacks (Part Two of Two)

Jul. 15, 2015

Conflicting Views of Safety, Vulnerability and Privacy Fuel Encryption Debate

Jul. 1, 2015

Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part Two of Two)

Jul. 1, 2015

SEC Commissioner Says Public-Private Partnership Is Key to Effective Cybersecurity

Jul. 1, 2015

Cybersecurity and Information Governance Considerations in Mergers and Acquisitions

Jun. 17, 2015

In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two)

Jun. 17, 2015

Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment

Jun. 17, 2015

Model Cybersecurity Contract Terms and Guidance for Investment Managers to Manage Their Third-Party Vendors

Jun. 3, 2015

Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients

Jun. 3, 2015

Private and Public Sector Perspectives on Producing Data to the Government

Jun. 3, 2015

In a Candid Conversation, FBI Director James Comey Talks About the “Evil Layer Cake” of Cybersecurity Threats (Part One of Two)

May 20, 2015

DOJ Encourages Cyber Incident Reporting and Advance Planning with Best Practices Guidance

May 20, 2015

Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats

May 20, 2015

Analyzing and Mitigating Cybersecurity Risks to Investment Managers (Part Two of Two)

Apr. 22, 2015

Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps

Apr. 22, 2015

Shifting to Holistic Information Governance and Managing Information as an Asset

Apr. 22, 2015

Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry

Apr. 22, 2015

FCC Makes Its Mark on Cybersecurity Enforcement with Record Data Breach Settlement

Apr. 22, 2015

Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part Two of Two)

Apr. 8, 2015

Ten Actions for Effective Data Risk Management

Apr. 8, 2015

Strategies for Preventing and Handling Cybersecurity Threats from Employees

Apr. 8, 2015

Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two)

Apr. 8, 2015

How Can a Company Mitigate Cyber Risk with Cross-Departmental Decisionmaking?

Most-Read Articles

Jan. 4, 2023
A Ransomware Tabletop’s 360-Degree Incident Response View: Days One to Four
- Incident Response
Jan. 11, 2023
Ten Cybersecurity Resolutions for Financial Services Firms in 2023
- Financial Services Regulation
Jan. 4, 2023
FTC and $391-Million State AG Case Put Location Data Enforcement on the Map
- Consumer Privacy
Jan. 18, 2023
Scrutiny Over Dark Patterns Presents Further Challenges in Online Contracting
- Consumer Privacy
Jan. 18, 2023
A Sensitive Time for Location Data: Tips to Address New Rules and Vendor Standards
- Mobile Technology

Webinar on Compliant International Data Transfers

Listen here to our discussion with our colleagues at Ethos Privacy, which took place on March 1, 2022, on how to approach international data transfer challenges.