• |

Regulations & Enforcement

  • Legislation
  • Investigations and Actions
  • Regulatory Bodies

May 14, 2025

DOJ Guidance on Bulk Sensitive Data Rules: Compliance Program, Recordkeeping and Reporting

May 7, 2025

DOJ Guidance on Bulk Sensitive Data Rules: Enforcement Grace Period and Prohibited Transactions

Apr. 30, 2025

Compliance Takeaways From the CPPA’s Enforcement Action Against Honda

Apr. 30, 2025

Connecticut AG’s Report Reveals Privacy Enforcers Reaching Deeper Into Their State Laws

Apr. 23, 2025

Sale of 23andMe’s Genetic Data: Lessons for Companies Around Sensitive Data

Apr. 16, 2025

Sale of 23andMe’s Genetic Data: Implications of the Motions for a Privacy Ombudsman and State Laws

Apr. 9, 2025

Data Clean Rooms and De-Identified Data Are Among Concerns in Navigating State Privacy Laws

Apr. 9, 2025

Reference Guide to 2025 Executive Orders for Compliance Professionals

Apr. 2, 2025

California’s Delete Act Enforcement Sweep Takeaways

Mar. 26, 2025

Navigating Global Privacy Control’s Not-So-Simple Implementation

Mar. 26, 2025

Implications of the Trump AI Executive Order

Mar. 19, 2025

Assessing and Managing AI’s Transformation of Cybersecurity in 2025

Mar. 19, 2025

Present and Former SEC Officials Discuss Strategy, Testimony, Proffers and Negotiations

Mar. 12, 2025

Managing Tracking Technologies and Their Privacy Dilemmas in 2025

Mar. 12, 2025

The Algorithmic CCO: Practical Steps for Implementing AI in Compliance

Mar. 5, 2025

Navigating Evolving Mobile App Privacy Issues

Mar. 5, 2025

The Algorithmic CCO: AI’s Role in Shaping the Future of Hedge Fund Governance

Feb. 26, 2025

The Tension Between Data Scraping and Data Protection in an AI-Driven World

Feb. 19, 2025

SEC and CFTC 2024 Enforcement Results: Record-High Financial Remedies Across Fewer Actions

Feb. 19, 2025

AI Meets GDPR: Mitigating Risks and Scaling Compliance in the Development and Deployment of AI Models

Feb. 12, 2025

New Jersey and Oregon Advisories Contribute to AI Guidance From State AGs

Feb. 12, 2025

Children’s Privacy Grows Up: Seven Compliance Areas for Protecting Teens

Feb. 5, 2025

How the 2025 Cybersecurity Executive Order Affects Business

Feb. 5, 2025

AI Meets GDPR: EDPB Weighs In on AI Models

Feb. 5, 2025

California’s Pending Automated Decision-Making Technology Regulations Will Further Focus Consumers’ Attention on AI

Jan. 29, 2025

Examining DOJ’s Final Rules on Access to Government and Sensitive U.S. Personal Data

Jan. 29, 2025

Children’s Privacy Grows Up: FTC Amends COPPA Rule and Targets Data Sharing

Jan. 22, 2025

Fifty-Three Regulators Raise Cyber Expectations With Multi-State Breach Settlement

Jan. 15, 2025

Children’s Privacy Grows Up: Examining New Laws That Now Protect Older Teens

Jan. 15, 2025

Navigating Ever-Increasing State AI Laws and Regulations

Jan. 8, 2025

Website Privacy Compliance Statistics and Practical Takeaways

Dec. 18, 2024

SEC Stresses Cybersecurity, AI and Crypto in Its 2025 Exam Priorities

Dec. 11, 2024

Preparing for U.S. State Law Privacy Compliance in 2025

Dec. 11, 2024

Deciphering the New CPPA Proposed Regulations for Data Brokers

Dec. 4, 2024

Preparing for Compliance With CFPB’s Final Personal Financial Data Rights Rule

Dec. 4, 2024

SEC Charges Four Companies for Misleading Cyber Incident Disclosures: Lessons on Contents and Procedures

Nov. 20, 2024

SEC Charges Four Companies for Misleading Cyber Incident Disclosures: New Expectations?

Nov. 20, 2024

CFTC’s Report Calls for Engagement and Development of AI Risk Management Frameworks

Nov. 13, 2024

GDPR Enforcement’s New Phase: Navigating Privacy Investigations in Europe

Nov. 13, 2024

Unpacking the Second Circuit’s Bombshell VPPA Ruling

Nov. 6, 2024

GDPR Enforcement’s New Phase: More Predictability, and New Rules on the Way

Oct. 30, 2024

What to Know (and Do) About DOJ’s Efforts to Identify and Prosecute Cybersecurity Fraud Under the False Claims Act

Oct. 30, 2024

Emerging Issues in Workplace Privacy: Regulations and Compliance Strategies

Oct. 23, 2024

Aftermath of the Ninth Circuit BIPA Liability Shake‑Up in Zellmer v. Meta

Oct. 16, 2024

Deciphering California’s Pioneering Mandate for an AI Nutrition Label 

Oct. 9, 2024

Loyal to a Fault? Customer Loyalty Programs in the Age of Comprehensive Privacy Laws

Oct. 2, 2024

FTC and State Enforcers Reveal What’s Next and What to Do About It

Sep. 25, 2024

FTC Signals Stricter Children’s Enforcement in NGL Labs Settlement: Compliance Lessons

Sep. 25, 2024

Outgoing CPPA Board Member Discusses Rulemaking and Looming Privacy Issues

Sep. 18, 2024

FTC Signals Stricter Children’s Enforcement in NGL Labs Settlement: Key Violations and Settlement Terms

Sep. 18, 2024

SEC Penalizes Adviser for Failing to Preserve Off-Channel Communications

Sep. 11, 2024

Takeaways and Looming Questions After Ninth Circuit Cuts DPIA From California’s Age-Appropriate Design Code

Aug. 21, 2024

What Texas’ Record $1.4‑Billion Deal With Meta Portends for Biometric Data Capture and Use

Aug. 14, 2024

AI Offers Clear Value for AML, but the Path Forward Is Murky

Aug. 7, 2024

Jarkesy and Loper: Bombshells or Busts?

Jul. 24, 2024

What Regulated Companies Need to Know About the SEC’s Final Amendments to Regulation S‑P

Jul. 24, 2024

Compliance Program Implementation: Compliance Calendars and Testing

Jul. 24, 2024

Implications of Loper Bright: Impacts on Congress, Courts and Agencies

Jul. 17, 2024

Implications of Loper Bright: Demise of Chevron Deference and Effect on Cyber and Privacy Enforcement

Jul. 10, 2024

A Framework for Materiality Determinations Under SEC’s Cyber Incident Disclosure Rules

Jul. 10, 2024

Implications of the New E.U. AML Directive

Jun. 26, 2024

Measures for Complying With 19 (and Counting) State Privacy Laws

Jun. 19, 2024

Examining Distinctive Aspects of Minnesota’s Demanding New Privacy Law

Jun. 12, 2024

Privacy and Data Security Regulators Discuss Enforcement Priorities and Collaborative Efforts

Jun. 5, 2024

Preparing to Comply With the Protecting Americans’ Data From Foreign Adversaries Act

May 29, 2024

CISA’s Proposed Rule for Critical Infrastructure Cyber Incident Reporting: How Organizations Can Prepare and Engage

May 29, 2024

Navigating the Global Cross-Border Privacy Rules and Privacy Recognition for Processors Certification Systems

May 29, 2024

Testing Is an Integral Component of Compliance Programs

May 22, 2024

Proposed Broad Private Right of Action Under a New Federal Privacy Law Could Be a Plaintiff’s Paradise

May 22, 2024

SEC Enforcement Actions Target “AI Washing”

May 15, 2024

CISA’s Proposed Rule for Critical Infrastructure Cyber Incident Reporting: Analysis of Key Provisions

May 8, 2024

Takeaways From FTC’s Orders Targeting Digital Health Companies

May 8, 2024

Survey Finds Cybersecurity Budgets Rising and Increased Incident Response Confidence

May 1, 2024

Off-Channel Communications Are Not the Only Source of Electronic Recordkeeping Violations

Apr. 24, 2024

Examining Maryland’s Game-Changing Data Minimization Requirements

Apr. 24, 2024

Common Law Fraud and SEC v. Jarkesy: The Key Issue Underlying the Questions Presented

Apr. 17, 2024

AI Governance Strategies for Privacy Pros

Apr. 10, 2024

Practical Insights Direct From U.S. State Privacy Enforcers

Apr. 10, 2024

Latest SEC Sweep of Off‑Channel Communications Both Befuddles and Turns Up the Heat on Investment Advisers

Apr. 3, 2024

Addressing the Operational Complexities of Complying With the Washington My Health My Data Act

Apr. 3, 2024

Examining Utah’s Pioneering State AI Law

Mar. 27, 2024

SEC’s 2024 Regulatory Focus

Mar. 20, 2024

AI Drives Rise in Private Funds’ Use of Alternative Data

Mar. 13, 2024

Connecticut AG’s Report Highlights Enforcement Risks and Points to Action Steps for Companies

Mar. 13, 2024

Forecasting Potential Outcomes in SEC v. Jarkesy Based on Recent Oral Arguments

Mar. 6, 2024

Cybersecurity Practices for PE Sponsors and Their Portfolio Companies: Due Diligence and Post-Acquisition Efforts

Mar. 6, 2024

Lessons From California’s DoorDash Enforcement Action

Feb. 28, 2024

Cybersecurity Practices for PE Sponsors and Their Portfolio Companies: Incident Prevention and Response

Feb. 21, 2024

Legal and Ethical Issues in Use of Biometrics: Modality Selection, Implementation and State Laws

Feb. 14, 2024

Financial Services 2024 Privacy, Cybersecurity and AI Regulation Overview

Feb. 14, 2024

Nine Impacts of New Jersey and New Hampshire Privacy Laws

Feb. 7, 2024

Binance’s $4.3‑Billion Criminal Resolution Raises Questions on Crypto Guidance

Feb. 7, 2024

Progress? Recent Rulings Are One Step Forward, Two Steps Back for BIPA Defendants

Jan. 17, 2024

2024 SEC Examination Priorities: New Approaches to Old Areas of Concern

Jan. 17, 2024

Tracking Technologies: Privacy Regulation, Enforcement and Risk

Jan. 17, 2024

No Regulator Is an Island: Bermuda Commissioner Discusses New Privacy Law and Global Enforcement

Jan. 3, 2024

SEC Director Offers Clarification on New Cyber Disclosure Regime

Jan. 3, 2024

Amendment to NYDFS Cyber Regulation Brings New Mandates: First Compliance Steps

Jan. 3, 2024

Complying With the FTC’s Amended Safeguards Rule’s New Reporting Requirement

Dec. 13, 2023

Amendment to NYDFS Cyber Regulation Brings New Mandates: Governance Provisions

Dec. 13, 2023

A 2023 Cyber Regulation Look-Back and 2024 Risk-Management Strategies

Dec. 6, 2023

U.K. Penalizes Morgan Stanley for Lax Electronic Communications Practices

Nov. 29, 2023

Implications of EDPB Meta Ruling on Behavioral Advertising Practices

Nov. 15, 2023

What the AI Executive Order Means for Companies: Examining Red‑Teaming Requirements

Nov. 15, 2023

Navigating SEC Cybersecurity Enforcement in a Post-SolarWinds World

Nov. 8, 2023

What the AI Executive Order Means for Companies: Seven Key Takeaways

Nov. 1, 2023

Compliance Challenges in Records Management

Nov. 1, 2023

Examining Security Mandates, Including California’s Draft Audit Regulations, in State Privacy Laws

Oct. 25, 2023

Private Actions Under the CPRA: Settlement Considerations and Mitigating Risk

Oct. 25, 2023

Navigating Certification and Implementation Issues Under the U.S.-E.U. Data Privacy Framework

Oct. 25, 2023

U.K. Equifax Fine Calls for Stricter Parent-Subsidiary Data-Sharing Processes

Oct. 18, 2023

Current and Former Enforcement Staffs’ Tips for Litigating Against the SEC

Oct. 18, 2023

Private Actions Under the CPRA: Key Issues and Defense Strategies

Oct. 11, 2023

Shaping AI Policy to Address Risks to U.S. Citizens and National Security

Oct. 11, 2023

Benchmarking the Impact of State Privacy Laws on Digital Advertising

Oct. 4, 2023

Understanding the Fiduciary Exception to Attorney-Client Privilege

Oct. 4, 2023

Will California’s New Law Aimed at Data Brokers Require a “Delete Me” Button on All Websites?

Sep. 20, 2023

SEC and CFTC Continue to Penalize Firms for Electronic Communications Recordkeeping Violations

Sep. 13, 2023

Examining the Washington Attorney General’s FAQs on the My Health My Data Act

Sep. 13, 2023

Key Terms and Negotiation Issues in Data Processing Agreements

Sep. 6, 2023

E.U. Coordinated Enforcement Framework Focuses on DPOs

Sep. 6, 2023

Navigating the SEC’s Newly Adopted Cybersecurity Disclosure and Controls Regime

Aug. 9, 2023

Key Legal and Business Issues in AI-Related Contracts

Aug. 2, 2023

Navigating Evolving Data Breach Litigation and Regulatory Risks

Jul. 26, 2023

Bridging the Atlantic: E.U.‑U.S. Data Privacy Framework Practical Takeaways

Jul. 19, 2023

CJEU Decision Adds Antitrust Regulators As New GDPR Concern for Companies

Jul. 19, 2023

NYDFS Changes Its Cybersecurity Regulation Requirements Through Enforcement – Again

Jul. 19, 2023

CFTC Commissioner Shares Five Pillars of Cyber Resilience

Jul. 12, 2023

Analyzing 2023’s New State Privacy Laws: Oregon and Delaware Join the Strictest Tier

Jun. 28, 2023

Analyzing 2023’s New State Privacy Laws: The First Six Plus Compliance Measures

Jun. 28, 2023

SEC Steps Up Enforcement Actions Against Cryptocurrencies

Jun. 21, 2023

Xbox and Alexa COPPA Case Lessons: Avatars, Biometrics and Other New Expectations

Jun. 21, 2023

The Practical and Legal Complexities of Online Age Verification

Jun. 14, 2023

Deciphering California and U.K. Children’s Codes and Compliance Obligations

Jun. 14, 2023

Xbox and Alexa COPPA Case Lessons: Negotiating With the FTC Over Algorithms and Remedies

Jun. 7, 2023

“Risk to Resilience”: CFTC Commissioner Romero Discusses Climate and Cybercrime Risk

Jun. 7, 2023

Implications of CJEU Ruling on Compensation for GDPR Claims

Jun. 7, 2023

Impact of State Privacy Laws on the Financial Services Sector

May 31, 2023

Colorado Controllers: The Final (Rules’) Frontier

May 31, 2023

How to Navigate the Rough Waters and Turning Tides of U.S. States’ Anti-ESG Movement and Europe’s Pro-ESG Measures (Part Two of Two)

May 17, 2023

Meta and Epic Cases Show FTC Toughening Its Children’s Privacy Enforcement

May 17, 2023

Practical Steps to Take Based on SEC’s Proposed Cybersecurity Risk Management Rule for Investment Advisers

May 17, 2023

Understanding Cyberattacks on Digital Asset Platforms

May 10, 2023

Aggressive Washington Health Privacy Law: Ten Compliance Priorities

May 10, 2023

Making Sense of Evolving Regulations, Recent Enforcement Efforts and Antitrust Claims as to ESG Investing in the U.S. and E.U. (Part One of Two)

May 3, 2023

Aggressive Washington Privacy Law: Right to Sue and Onerous Consent Obligations

May 3, 2023

Landscape of On-Chain Asset Tokenization and Blockchain Technology’s Path Toward Maturity

Apr. 19, 2023

Expedia and Lululemon Privacy Pros Discuss Scaling Vendor Contracting for New Privacy Laws

Apr. 12, 2023

Complying With Europe’s Digital Services Act and Digital Markets Act

Apr. 5, 2023

Website-Tracking Lawsuits: Takeaways From New Dismissals of Wiretap Claims

Mar. 29, 2023

FTC’s BetterHelp Case Prescribes Stronger Privacy Practices

Mar. 29, 2023

Website-Tracking Lawsuits: A Guide to New Video Privacy Decisions Starring PBS and People.com

Mar. 29, 2023

Use of Alternative Data Continues to Grow, Says New Survey

Mar. 22, 2023

Managing Legal Issues Arising From Use of ChatGPT and Generative AI: Industry Considerations and Practical Compliance Measures

Mar. 15, 2023

A Roadmap to the Final Regulations Under the CPRA

Mar. 15, 2023

SEC Modernizes Broker-Dealer Electronic Recordkeeping Rules

Mar. 15, 2023

Managing Legal Issues Arising From Use of ChatGPT and Generative AI: E.U. and U.S. Privacy Law Considerations

Mar. 8, 2023

BIPA Decisions Expand Potential Liability: What’s Next in Illinois and Other States?

Mar. 1, 2023

Getting Used to Zero Trust? Meet Zero Copy

Feb. 22, 2023

Is Coinbase a Warning to Other Crypto Players?

Feb. 22, 2023

IAB Unveils Multistate Contract to Satisfy 2023 Laws’ Curbs on Targeted Ads

Feb. 15, 2023

Impact of Emerging Technologies on Financial Crime Risk Management

Feb. 8, 2023

Data Breaches and the Private Credit Market: Post-Breach Considerations

Feb. 8, 2023

How to Comply With the CPRA’s Data Minimization Standards

Feb. 1, 2023

Data Breaches and the Private Credit Market: Assessing Borrower Cyber Preparedness

Feb. 1, 2023

Key Privacy Issues for 2023

Jan. 25, 2023

Transparency of Beneficial Ownership Clashes With U.K. Privacy Laws

Jan. 25, 2023

France’s Cookie Enforcement Against TikTok and Microsoft Highlights Common Compliance Missteps

Jan. 25, 2023

E.U. Regulators Bar Meta From Requiring Users to Pay With Their Data

Jan. 18, 2023

A Sensitive Time for Location Data: Tips to Address New Rules and Vendor Standards

Jan. 11, 2023

Ten Cybersecurity Resolutions for Financial Services Firms in 2023

Jan. 4, 2023

FTC and $391-Million State AG Case Put Location Data Enforcement on the Map

Dec. 14, 2022

The Importance of Being a PIPL Pleaser: Update and Predictions on China’s Data Protection Law One Year In

Dec. 7, 2022

Google Settlement Shows DOJ's Increased Focus on Data Preservation

Nov. 30, 2022

FTC’s Drizly Case Shows Regulators Are Ready to Police Data’s Expiration Dates

Nov. 16, 2022

Ransomware Evolution: Government Efforts and Cyber Insurance

Nov. 16, 2022

What the FAQ: Deciphering the European Commission Guidance on the New SCCs

Nov. 2, 2022

How the New E.U.-U.S. Data Privacy Framework Clears a Path for Transatlantic Business

Oct. 26, 2022

SEC and CFTC Wall Street Resolutions Highlight Need for Communication and Records Compliance

Oct. 26, 2022

Navigating the Interplay of Breach Response and Breach Notification

Oct. 26, 2022

Takeaways From the New Push for a Federal AI Law

Oct. 19, 2022

Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund

Oct. 19, 2022

A New Era of Cyber Incident Reporting and Cybersecurity Regulation: How Companies Should Prepare and Engage

Oct. 12, 2022

A New Era of Cyber Incident Reporting and Cybersecurity Regulation: Key Provisions

Sep. 28, 2022

Using Software Bills of Materials to Bolster Security in Contracting

Sep. 28, 2022

Lessons From California’s First CCPA Enforcement Action

Sep. 21, 2022

Trio of Settled Enforcement Actions Highlights SEC Concerns About Identity Theft Policies and Procedures

Sep. 14, 2022

Shaping the BIPA Landscape: Avoiding Liability

Sep. 14, 2022

Robinhood Resolution a First for Cryptocurrency Enforcement in NY

Sep. 14, 2022

Compliance Survey Finds Data Management Challenges, Rising Costs and Increasing Uptake of RegTech

Sep. 07, 2022

Four Steps to Secure Open-Source Software After CSRB’s Log4j Investigation

Aug. 17, 2022

Understanding and Implementing DoD’s Cybersecurity Requirements

Aug. 17, 2022

The SEC’s 2022 Reg Flex Agendas: Major Proposals and Ambitious Timelines

Aug. 10, 2022

Protecting Against Crypto Theft

Aug. 3, 2022

Cybersecurity Compliance Lessons From NYDFS’ Carnival Action

Aug. 3, 2022

How to Prepare for the Cybersecurity Incident Reporting for Critical Infrastructure Act

Jul. 27, 2022

Employee Data Under the CPRA: Rights Requests, Privacy Policies and Enforcement

Jul. 27, 2022

A Checklist to Help Fund Managers Assess Their Cybersecurity Programs

Jul. 20, 2022

Employee Data Under the CPRA: Key Rights and Restrictions

Jul. 13, 2022

CPRA Draft Regulations: Essential Takeaways and 10 Actions to Take Now

Jun. 29, 2022

Navigating the Intersection of Digital Assets and AML

Jun. 29, 2022

Present and Former SEC Officials Discuss the Commission’s Latest Examination and Enforcement Tactics and Priorities

Jun. 22, 2022

New AI Rules: States Require Notice and Records, Feds Urge Monitoring and Vetting

Jun. 22, 2022

Fifth Circuit Decision Could Hamstring SEC Enforcement Abilities

Jun. 15, 2022

Privacy and Security Regulators Discuss New Enforcement Proposals and Compliance Best Practices

Jun. 8, 2022

Regulation Looms for Sharing of Sensitive Financial Data

Jun. 1, 2022

FINRA Clarifies Stance on CCO Supervisory Liability

May 25, 2022

TV Privacy: Will the TV Industry Agree to Standardize Consent on Screen?

May 18, 2022

Navigating the Intersection of Blockchain and Data Privacy Laws

May 11, 2022

Party of Five: Connecticut Law Solidifies Consensus on State Privacy Standards

May 4, 2022

Effective Use of Privacy Impact Assessments

Apr. 27, 2022

Preparing for CPRA Compliance: Jurisdictional Focus or a More Holistic Approach?

Apr. 27, 2022

New Utah Privacy Law Marks a Shift in State Privacy Legislation

Apr. 27, 2022

SEC Proposes Cyber Risk Management Rules for Advisers

Apr. 20, 2022

Privacy Enforcers Across the Globe Band Together to Coordinate Investigations

Apr. 20, 2022

FTC’s Khan and Phillips Deliver Views on Future of Data Privacy Enforcement

Apr. 13, 2022

U.S., E.U. Announce Trans-Atlantic Data Privacy Framework: What Companies Can Do Now

Apr. 13, 2022

California AG Opinion Hands Companies New Tasks for AI, Data Maps, Marketing

Mar. 30, 2022

Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements

Mar. 23, 2022

Implications of DOJ’s Pursuit of the Crypto-Laundering Couple

Mar. 23, 2022

Are “Privacy-First” Clean Rooms Safe From Regulators?

Mar. 16, 2022

Securing Emerging Technologies Without Hampering Innovation: Government Initiatives and How Companies Can Adapt

Mar. 9, 2022

A Look at the NSCP’s Firm and CCO Liability Framework

Mar. 9, 2022

Securing Emerging Technologies Without Hampering Innovation: Private Sector Challenges

Mar. 2, 2022

Navigating Post-Schrems II International Data Transfer Waters: SCCs and Supplementary Measures

Mar. 2, 2022

Blockchain Recordkeeping Stirs Privacy Concerns

Feb. 23, 2022

Ad Industry’s Third-Party Data Use Grew Despite Impending Cookie Shutdown

Feb. 23, 2022

Navigating Post-Schrems II International Data Transfer Waters: Challenges and TIAs

Feb. 16, 2022

The Privacy and Antitrust Paradox in the Age of Data

Feb. 9, 2022

Will It Be Goodbye Forever? Navigating Consumer Requests to Delete Personal Data

Feb. 2, 2022

Gensler Discusses the SEC’s Cyber Priorities

Feb. 2, 2022

Compliance Takeaways From the Latest GDPR Enforcement Statistics

Jan. 26, 2022

Personal Liability and Compliance Resourcing Are Top Concerns Among CCOs, Surveys Show

Jan. 26, 2022

More Regulators Accept New Tool to Streamline Companies’ Cyber Compliance

Jan. 19, 2022

Two European Regulators Warn Behavioral Advertising Skates on Thin Ice

Jan. 19, 2022

Privacy Resolutions for 2022

Jan. 12, 2022

SEC Chair Gensler’s Stance on Three Key Disclosure Areas and the Role of Individual Accountability in Enforcement Actions

Dec. 01, 2021

FTC Sets Wheels in Motion for a Broad Privacy Rule Restricting Data Collection

Nov. 17, 2021

Data Localization: Cybersecurity Challenges Abound

Nov. 17, 2021

Practical Approaches to Conducting Transfer Impact Assessments Under the GDPR

Nov. 17, 2021

How Financial Institutions Should Strengthen Their Data Security to Comply With FTC’s Updated Safeguards Rule

Nov. 10, 2021

Data Localization: New Compliance Headaches and Costs Across the Globe

Nov. 3, 2021

In-House Insight on Handling Data Subject Access Requests Under Multiple Privacy Regimes

Nov. 3, 2021

Data Localization: Laws Spread and Enforcement Rises

Oct. 27, 2021

Lessons From the WhatsApp Decision on GDPR Transparency Requirements: Compliance Foundations

Oct. 27, 2021

IOSCO Issues Final Guidance on AI and Machine Learning

Oct. 20, 2021

U.K. Data Privacy Officers Discuss Challenges and Concerns

Oct. 20, 2021

Collective Actions in the U.K. After Lloyd v. Google

Oct. 20, 2021

Lessons From the WhatsApp Decision on GDPR Transparency Requirements: Enforcement Takeaways

Oct. 13, 2021

China’s First Information Protection Law: Compliance Essentials

Oct. 13, 2021

FINRA Report Outlines Growing Adoption of Cloud Computing by Securities Industry and Associated Regulatory Concerns

Oct. 6, 2021

Fund Managers Must Ensure Adequate Security Measures Under Safeguards Rule or Risk SEC Enforcement Action

Sep. 29, 2021

Value of Sponsors Implementing Portfolio Monitoring Models for ESG and Cybersecurity Issues

Sep. 29, 2021

SEC Cybersecurity Disclosure Enforcement Heats Up: Best Practices

Sep. 22, 2021

SEC Cybersecurity Disclosure Enforcement Heats Up: Recent Developments

Sep. 22, 2021

Examining the Intersection of Voiceprints and Data Privacy Laws

Sep. 8, 2021

What to Expect From the FCC and FTC Under the Biden Administration

Aug. 11, 2021

Using RegTech for Compliance Efforts and Potential Benefits of Emerging Technologies

Aug. 11, 2021

Complying With NYC’s New Biometrics Law

Aug. 4, 2021

The Evolution, Status and Future of RegTech in the Private Funds Industry

Aug. 4, 2021

Evaluating Privacy and Cybersecurity Risks in Emerging Technology Transactions: Artificial Intelligence and EdTech

Jul. 28, 2021

Incident Response in the Financial Services Industry

Jul. 21, 2021

Shedding Light on Dark Patterns: What Financial Institutions Need to Know

Jul. 21, 2021

Vaccines and Testing in the Post-Pandemic Workplace: Answers to the Tough Questions

Jul. 14, 2021

Personal Data Transfers After Year Zero: A More Appealing Set of EDPB Recommendations?

Jul. 14, 2021

Vaccines and Testing in the Post-Pandemic Workplace: Understanding the Legal Framework and Making a Balanced Plan

Jun. 30, 2021

Using RegTech to Enhance Compliance

Jun. 30, 2021

Personal Data Transfers After Year Zero: Are the New SCCs a Paradigm Shift?

Jun. 30, 2021

DOL Begins Cyber Audits to Protect U.S. Workers’ Retirement Savings

Jun. 23, 2021

How the NYDFS Drives Cybersecurity in the Financial Services Industry

Jun. 23, 2021

Colorado Privacy Law Finishes Third, but Could Become the New Standard

Jun. 23, 2021

Three Years In, GDPR Legal Landscape Remains in Flux

Jun. 16, 2021

The Impact of Recent Legislative and Litigation Trends on Commercial Use of De-Identified Data

Jun. 9, 2021

To “Cure” or Not to “Cure,” That Is the Question

Jun. 9, 2021

State AGs Share Breach Notification Tips and Latest Enforcement Concerns

Jun. 2, 2021

U.K. Data Protection Regulator Smooths Way for Fund Managers to Transfer Data to SEC

Jun. 2, 2021

AI Compliance Playbook: Adapting the Three Lines Framework for AI Innovations

May 26, 2021

CISA and DHS Counsel Explain Cybersecurity Executive Order’s Key Provisions

May 26, 2021

SEC Commissioner Examines Regulatory Approach to Digital Assets

May 5, 2021

Two Settlements Show NYDFS’ Hidden Power to Use Other States’ Breach Laws

Apr. 28, 2021

Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia

Apr. 28, 2021

AI Compliance Playbook: Understanding Algorithm Audits

Apr. 21, 2021

AI Compliance Playbook: Seven Questions to Ask Before Regulators or Reporters Do

Apr. 21, 2021

Supreme Court’s Facebook Decision Narrows Applicability of the TCPA, but Companies Are Not Home Free

Apr. 14, 2021

AI Compliance Playbook: Traditional Risk Controls for Cutting-Edge Algorithms

Apr. 7, 2021

Behind the Scenes: California AG’s Non-Public CCPA Inquiries

Apr. 7, 2021

Former Twitter and eBay Counsel Talks Overblown Fears, Third-Party Data Management, and CDA Section 230

Mar. 31, 2021

Managing Vendor Contracts From the Data Controller's Perspective

Mar. 31, 2021

KBR v. SFO: Implications for Overseas Document Production

Mar. 31, 2021

How Do You Put a System of Controls in Place When Your Target Keeps Moving?

Mar. 24, 2021

Privacy and Security Provisions in Vendor Agreements: Key Data Processing Considerations

Mar. 24, 2021

Recommended Data Strategies As Google Swears Off Web Tracking

Mar. 17, 2021

Privacy and Security Provisions in Vendor Agreements: Assessing the Risks

Mar. 17, 2021

Virtual Currencies: Opening a New Avenue for Financial Crimes

Mar. 10, 2021

Preparing for the CPRA’s New Consumer Rights Requirements

Mar. 10, 2021

Familiar and Fresh Mandates in Virginia’s New Privacy Law

Mar. 3, 2021

Best Practices for Data Transfers in the Wake of Schrems II

Feb. 17, 2021

A Fake Zoom Invite Hack: Eight More Lessons

Feb. 10, 2021

A Fake Zoom Invite Hack: What Happened and Three Lessons

Feb. 10, 2021

What the New Information Security Reporting Standards Mean for Financial Institutions 

Feb. 10, 2021

GDPR Lives On in the U.K. Post-Brexit

Feb. 3, 2021

Expect Continuing Regulatory Focus on Cybersecurity and Data Protection in 2021

Feb. 3, 2021

Getting Started With CMMC: How to Prepare and What to Expect From the Assessment

Jan. 27, 2021

Getting Started With CMMC: Understanding Goals, Requirements and Challenges

Jan. 20, 2021

Disputed Twitter Fine Offers Breach Response Lessons

Jan. 20, 2021

Privacy Resolutions for 2021

Jan. 13, 2021

Can the Cybersecurity Industry Improve Cooperation to Beat Threats?

Jan. 6, 2021

Maintaining Privacy While Staying Competitive in an Evolving Regulatory Landscape

Jan. 6, 2021

Six Practical Tips for Building an Effective Privacy Risk Assessment Program

Jan. 6, 2021

Privacy and Security Risks in International Arbitration: Managing Remote Proceedings

Dec. 16, 2020

Privacy and Security Risks in International Arbitration: Threats and the Information Security Protocol

Dec. 16, 2020

How Will the Biden Administration’s Approach to Cybersecurity Impact the Private Sector?

Dec. 9, 2020

Strategies for Managing the Intersection of Cybersecurity and New Technologies

Dec. 9, 2020

What the New IoT Act Means for the Private Sector

Dec. 2, 2020

How CCOs Can Avoid Personal Liability for an Organization’s Compliance Failures

Dec. 2, 2020

ICO Hones GDPR Enforcement Approach With Reduced Fines for British Airways, Marriott and Ticketmaster

Nov. 18, 2020

Asset Disposal and Vendor Management Lessons From Morgan Stanley's OCC Settlement

Nov. 11, 2020

The Intelligent Workplace in the Age of a Pandemic: Six Privacy and Security Safeguards

Nov. 11, 2020

Understanding the World’s New Four-Letter Privacy Law: China’s PIPL

Nov. 4, 2020

Comparing U.S. and E.U. Approaches to Incident Response and Breach Notification

Oct. 28, 2020

The Intelligent Workplace in the Age of a Pandemic: Balancing Innovation and Risk

Oct. 21, 2020

Steps to Take After OFAC and FinCEN’s Warnings on Ransomware Payoffs

Oct. 21, 2020

Senior Commerce Official Discusses Supply Chain Security and Cyber Policy

Oct. 14, 2020

H&M’s $41M GDPR Fine Underscores Importance of Employee Data Handling

Oct. 14, 2020

Top Priorities for Compliance With Brazil’s New Personal Data Protection Law

Sep. 30, 2020

What to Expect From the CPRA – California’s New Proposed Privacy Law

Sep. 23, 2020

Apple Overhauls Privacy for iPhone Apps, but Will It Enforce Its Policies?

Sep. 23, 2020

Identifying and Preventing Ransomware Attacks

Sep. 9, 2020

Implementing the CCPA Regulations: Are You Ready?

Sep. 2, 2020

Business Continuity Plans, Budgets and More: Hot Compliance Topics for Investment Advisers

Sep. 2, 2020

After Death of the Cookie, New Advertising Strategies Raise Compliance Questions

Aug. 12, 2020

Navigating China’s Cybersecurity Regulatory Maze

Aug. 12, 2020

Six Compliance Lessons From NYDFS’ First Cybersecurity Regulation Enforcement Action

Aug. 5, 2020

Early EDPB Guidance in the Wake of Schrems II Signals Where E.U.-U.S. Data Transfers Are Headed

Aug. 5, 2020

CCPA and Online Ads: Contract and Compliance Consequences

Jul. 29, 2020

CCPA and Online Ads: Facebook Finally Acts, AG Starts Enforcement

Jul. 22, 2020

Ten Initial Steps for E.U. and U.S. Companies in Light of Schrems II Ruling

Jul. 15, 2020

Back to the Table: CCPA Regulations Spark New Wave of Service-Provider Negotiations

Jul. 15, 2020

Business Continuity Planning: How to Update a BCP With Lessons Learned From the Pandemic

Jun. 24, 2020

Perspectives From the Public and Private Sectors on Information Sharing During COVID-19

Jun. 24, 2020

How to Comply With Key CCPA Notice and Consumer Request Requirements

Jun. 24, 2020

Balancing Privacy Rights and Innovation in Digital Contact Tracing

Jun. 17, 2020

Privacy Settings May Serve as One-Step CCPA Opt-Out From Sale

Jun. 17, 2020

The (Im)Possibilities of Scientific Research Under the GDPR

Jun. 10, 2020

Are You Prepared for OCIE’s Sweep of Business Continuity Plans and Coronavirus Actions?

May 27, 2020

Recent Developments in E.U. Cybersecurity Regulation

May 20, 2020

Did Adtech Fix Its CCPA Problem? IAB’s GC Discusses New Contract for Data Sales

May 20, 2020

How to Facilitate a Safe and Privacy Compliant Return to Work: Policies and Protocols

May 13, 2020

How to Facilitate a Safe and Privacy Compliant Return to Work: Laws and Guidance

May 6, 2020

How Asset Managers and Others Can Mitigate Pandemic-Related Operational Risks and Maintain Business Continuity

Apr. 29, 2020

What Is the Potential Liability for Zoombombing, and How Safe Are Zoom Alternatives?

Apr. 29, 2020

Understanding Insider Trading Based on Data Breaches Amidst Heightened Regulatory Scrutiny

Apr. 22, 2020

How Is COVID-19 Affecting Cybersecurity Risk, Readiness, Reporting and NYDFS Enforcement?

Apr. 22, 2020

GDPR Enforcement Lessons and New ICO Guidance on COVID‑19

Apr. 22, 2020

Morrisons Ruling Lets U.K. Employers Off the Hook for Rogue Employee Data Leaks

Apr. 15, 2020

Six Ways to Be Prepared for the SEC’s Focus on Cybersecurity and Resiliency

Apr. 15, 2020

Takeaways From Former FTC Officials on 2019 Enforcement Actions: Data Security Guidance and Enforcement Predictions

Apr. 8, 2020

Takeaways From Former FTC Officials on the Commission’s 2019 Enforcement: General, Financial and Children’s Privacy

Apr. 1, 2020

A Considered Cooperation Approach Is Vital in ICO Data Protection Audits

Mar. 25, 2020

Are Companies Turning a Blind Eye to Their Lost Data on the Dark Web?

Mar. 25, 2020

Gauging the GDPR’s Global Reach

Mar. 11, 2020

The Keys to Encryption: Legal and Regulatory Framework

Mar. 11, 2020

NIST’s New IoT Standard: Inspiring a Wave of New Device Security Guidance

Mar. 4, 2020

NIST’s New IoT Standard: Boosting Security As States Launch Laws

Mar. 4, 2020

Safeguards for Proper Disposal of Hardware: Effective Inventories, Policies and Due Diligence

Feb. 26, 2020

Safeguards for Proper Disposal of Hardware: Risks and Examiner Expectations

Feb. 19, 2020

Consciously Coupling: Tackling the Juxtaposition Between Adtech and Privacy

Feb. 19, 2020

Best Practices for Using Alternative Data: Mitigating Regulatory Risks

Feb. 12, 2020

How to Approach CCPA’s Under-16 Opt‑in Consent

Feb. 12, 2020

Best Practices for Using Alternative Data: Collection and Provider Management

Feb. 5, 2020

Defining, Implementing and Documenting “Reasonable Security”

Feb. 5, 2020

CCPA Litigation Risks: How to Avoid Claims Under Other Statutes

Jan. 29, 2020

Establishing a Foundation for Breach-Notification Compliance in a Sea of Privacy Laws

Jan. 22, 2020

How to Stem the Coming Tide of CCPA Private Litigation

Jan. 15, 2020

Key Compliance Considerations for Fund Managers Using Alternative Data

Jan. 8, 2020

Present and Former Regulators Discuss Current SEC and NFA Examination and Enforcement Environment

Dec. 18, 2019

Not Just the GDPR: Privacy Laws in Belarus, Russia, Switzerland, Turkey and Ukraine

Dec. 11, 2019

Not Just GDPR: Examining the Other European Privacy Laws 

Dec. 11, 2019

How to Handle E.U. Data Subject Access Requests

Dec. 4, 2019

U.K. and U.S. Sign First E-Evidence Pact Under the CLOUD Act: A Look at the Privacy Protections

Nov. 20, 2019

U.K. and U.S. Sign First E-Evidence Pact Under the CLOUD Act: Fewer Hurdles, More Clarity and New Questions

Nov. 13, 2019

Updating Vendor Agreements to Comply With CCPA: Non-Third Parties and Key Steps

Nov. 13, 2019

AI for Fund Managers and Beyond: Government Guidance

Nov. 13, 2019

Updating Cyber Policies to Align With Recent SEC Exams and Guidance

Nov. 6, 2019

Updating Vendor Agreements to Comply With CCPA: Service-Provider Exemption and Corporate Approaches

Nov. 6, 2019

AI for Fund Managers and Beyond: How to Use It to Streamline Operations

Oct. 30, 2019

Broad but Limited Reach of GDPR Highlighted in ECJ Google Ruling on “Right to Be Forgotten”

Oct. 23, 2019

CFTC Issues $1.5-Million Fine After Phishing Attack

Oct. 23, 2019

ICO Enforcement Takeaways After Marriott and British Airways

Oct. 16, 2019

Portuguese DPA Holds Parts of Portuguese Data Protection Law Inconsistent With GDPR

Oct. 16, 2019

How Uber, eBay and Pitney Bowes Built Principles-Based Global Privacy Programs

Oct. 9, 2019

CCPA Close-Up: Examining the GLBA Carve-Out and How Financial Institutions Can Evaluate Applicability

Oct. 9, 2019

Does the GDPR Disadvantage Non-E.U. Companies? Addressing the Lead Supervisory Authority Dilemma (Part Two)

Oct. 2, 2019

CCPA Close-Up: Review of Amendments and How to Prepare for Compliance

Oct. 2, 2019

Does the GDPR Disadvantage Non-E.U. Companies? The Benefits of a Lead Supervisory Authority (Part One of Two)

Sep. 18, 2019

Far-Reaching Google and YouTube Settlement Offers COPPA Compliance Lessons

Sep. 18, 2019

New York’s First Mandated Cybersecurity Standards: A Compliance Roadmap

Sep. 11, 2019

New York’s New Cybersecurity Standards: Expanding Definitions and Requirements

Aug. 21, 2019

Examining Portugal’s GDPR Implementation Statute

Aug. 21, 2019

Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA

Jul. 17, 2019

How to Establish an Efficient Incident Response Plan

Jul. 17, 2019

Maine Enacts Sweeping Broadband Customer Privacy Law

Jul. 10, 2019

Parental Liability in the E.U.: Mitigating Liability at Various Stages of Portfolio Company Ownership

Jul. 10, 2019

Can GDPR Hinder AI Made in Europe?

Jul. 10, 2019

Implications of Nevada’s New Privacy Law

Jun. 26, 2019

Preparing for the Latest SEC Cyber Sweeps

Jun. 26, 2019

Parental Liability in the E.U.: Rebuttable Presumption of Decisive Influence and Four Misconceptions About Avoiding Liability

Jun. 19, 2019

Parental Liability in the E.U.: “Undertakings” and Potential Scope of Risk for Parent Entities

Jun. 19, 2019

Kids, Privacy & Legal Compliance

Jun. 12, 2019

CCPA Priorities: Tackling Data Subject Rights Requests and Vendors

Jun. 5, 2019

Irish Data Protection Commissioner Helen Dixon on Breach Notification, the Role of the DPO and a U.S. Privacy Law

Jun. 5, 2019

CCPA Priorities: Turning Legislation Prep Into a Program Shift

Jun. 5, 2019

FINRA RegTech Conference Reviews AI, RegTech Adoption and Compliance Challenges (Part Two of Two)

May 29, 2019

Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In

May 29, 2019

FINRA RegTech Conference Examines Digital Identification, Suspicious Activity Reporting and Machine Learning

May 22, 2019

Deputy Assistant Attorney General Seeks to Dispel CLOUD Act Misunderstandings One Year In

May 15, 2019

ECJ Confirms Direct Parental Liability for Civil Damages for Subsidiary Antitrust or GDPR Violations

May 8, 2019

Understanding Regulatory Technology: Current Uses and Deployment Considerations

May 8, 2019

Lessons From FTC 2018 Privacy and Data Security Update: Hearings, Reports and 2019 Predictions

May 1, 2019

Lessons From FTC 2018 Privacy and Data Security Update: Financial Privacy, COPPA and International Enforcement

May 1, 2019

Understanding Regulatory Technology: Tools, Challenges and Regulators’ Views

Apr. 24, 2019

Lessons From FTC's 2018 Privacy and Data Security Update: Enforcement Takeaways

Apr. 17, 2019

GPEN Report Highlights Key Areas for Data Privacy Improvement

Apr. 10, 2019

Combatting Privacy Issues Arising From Geolocation Data Use: Five Risk-Mitigation Strategies

Apr. 10, 2019

Utah Act Increases Restrictions on Access to Third-Party Data

Apr. 3, 2019

Combatting Privacy Issues Arising From Geolocation Data Use: Understanding the Legal Landscape

Mar. 27, 2019

Companies May Need to Re-Examine Approach to Breach Response Preparedness According to Experian Survey

Mar. 20, 2019

COPPA Compliance Lessons Following Musical.ly’s $5.7 Million FTC Settlement

Mar. 13, 2019

Mitigating the Risks of Open-Source Software

Mar. 13, 2019

Takeaways From 2018 COPPA Developments and a Forward-Thinking Approach to Compliance

Mar. 6, 2019

The NYDFS’ Cybersecurity Regulation’s Third-Party Requirement and Beyond

Mar. 6, 2019

Preparing for the CCPA: Best Practices and Understanding Enforcement

Mar. 6, 2019

Benefits and Risks of Open-Source Software and How the Financial Sector Is Using It

Feb. 27, 2019

U.K. Employers on the Hook for Rogue Employee Data Leaks Post-Morrison​​​​​

Feb. 27, 2019

Preparing for the CCPA: Securing Buy-In and Setting the Scope

Feb. 20, 2019

ACA Aponix-NSCP Cyber Survey Finds Growing Numbers of Security Incidents, Cloud Use and Regulatory Burdens

Feb. 13, 2019

FINRA Report Addresses Common Cybersecurity Risks and Recommends Mitigation Measures

Feb. 6, 2019

Analyzing Early GDPR Enforcement: France

Feb. 6, 2019

Examining the New Requirements and Broad Definition of Data Broker Under Vermont’s New Law

Jan. 30, 2019

How Healthcare and Other Industries Can Use the HHS Cybersecurity Practices Guidance

Jan. 30, 2019

Analyzing Early GDPR Enforcement: U.K. and Austria

Jan. 23, 2019

Analyzing Early GDPR Enforcement: Portugal and Germany

Jan. 23, 2019

Illinois Federal Court Denies Standing in BIPA Claim Against Google

Jan. 23, 2019

Massachusetts Breach Notification Law 2.0: More Protections for Consumers, More Requirements for Businesses

Jan. 16, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part Two of Two)

Jan. 16, 2019

How a New Ethics Rule and Error in Manafort Case Highlight the Importance of Lawyers’ Technology Competence

Jan. 9, 2019

FTC Data Security Hearing Examines M&A Cybersecurity Risks and Promoting Better Policies

Jan. 9, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part One of Two)

Dec. 12, 2018

Understanding the Potential Implications of Pennsylvania’s Newly Recognized Common Law Duty to Protect Personal Information

Dec. 12, 2018

Implications of a Dynamic Regulatory and Threat Environment on E.U. and U.S. Cyber Insurance Markets

Dec. 12, 2018

Illinois Appellate Decision Creates Split on Standing to Sue Under BIPA

Dec. 5, 2018

Insights From Uber: Building Bridges Between Legal and Engineering

Nov. 28, 2018

The Growing Role of State AGs in Privacy Enforcement 

Nov. 28, 2018

Insights From Uber: An Inside Look at Its Privacy Team Structure and How Legal and Tech Collaborated on Its Differential Privacy Tool

Nov. 28, 2018

SEC Officials and the Defense Bar Talk Cybersecurity Enforcement Trends and Takeaways From Recent Cases

Nov. 7, 2018

How to Improve Risk Analysis in the Wake of the Anthem’s Record Settlement

Nov. 7, 2018

How GoDaddy Built an Effective Privacy Program

Oct. 31, 2018

How to Comply With Canada’s New Privacy Breach Reporting and Record-Keeping Rules

Oct. 31, 2018

SEC Report on Business Email Compromise Signals That It May Pursue Insufficient Internal Controls Cases

Oct. 24, 2018

California Enacts Groundbreaking IoT Law and Requires Disclosure of Bot Use

Oct. 24, 2018

Unregistered Crypto Asset Fund Hit With Multiple Securities Laws Violations by SEC

Oct. 24, 2018

The Hidden Requirements in NYDFS’ Cybersecurity Regulation

Oct. 17, 2018

Regulating AI: U.S., E.U. and Industry Laws and Guidance

Oct. 10, 2018

Lessons From the SEC’s First Red Flags Rule Settlement

Sep. 26, 2018

Five Takeaways From the Fiserv Wake-Up Call

Sep. 19, 2018

Ohio Adopts Pioneering Cybersecurity Safe Harbor for Companies

Sep. 12, 2018

Colorado’s Revised Cybersecurity Law Clarifies and Strengthens Existing Requirements

Sep. 12, 2018

Information Sharing in the Private Sector: Lessons From the Financial Services Industry

Sep. 5, 2018

How the GDPR Will Affect Private Funds’ Use of Alternative Data

Aug. 22, 2018

A Fund Manager’s Roadmap to Big Data: Privacy Concerns, Third Parties and Drones

Aug. 15, 2018

A Fund Manager’s Roadmap to Big Data: MNPI, Web Scraping and Data Quality

Aug. 8, 2018

U.K.’s Cyber Essentials Provide a Window Into GDPR Security Infrastructure Requirements

Aug. 8, 2018

Essential Cyber, Tech and Privacy M&A Due Diligence Considerations

Jul. 25, 2018

GDPR Essentials for the Financial Sector: Staying Compliant and Special Challenges (Part Three of Three)

Jul. 18, 2018

GDPR Essentials for the Financial Sector: Compliance Steps (Part Two of Three)

Jul. 18, 2018

What to Expect From California’s Expansive Privacy Legislation

Jul. 18, 2018

Overcoming Barriers to Cross-Border Data Flows, Contract Provisions and Other Digital Transformation Issues

Jul. 11, 2018

GDPR Essentials for the Financial Sector: Benchmarking and Assessing the Risks (Part One of Three)

Jul. 11, 2018

Is Encryption Obligatory? HHS Upholds Texas Hospital $4.3M HIPAA Fine 

Jun. 27, 2018

What Are the GDPR’s Implications for Alternative Investment Managers? (Part Two of Two)

Jun. 27, 2018

Implementation of NIS Directive Commences Unprecedented E.U.-Wide Cybersecurity Regime

Jun. 20, 2018

What Are the GDPR’s Implications for Alternative Investment Managers? (Part One of Two)

Jun. 13, 2018

CFTC Commissioner Encourages Formation of Self-Regulatory Organization for Cryptocurrency Spot Platforms

Jun. 6, 2018

Analyzing New and Amended State Breach Notification Laws

Jun. 6, 2018

Beyond GDPR: The E.U.’s Expanding Cybersecurity Regime

May 30, 2018

Understanding the Intersection of Law and Artificial Intelligence

May 16, 2018

How to Ensure GDPR-Compliant Third-Party Relationships

May 16, 2018

Countdown to GDPR Enforcement: Final Steps and Looking Ahead

May 9, 2018

How Financial Services Firms Should Structure Their Cybersecurity Programs

May 9, 2018

The Right to Be Forgotten: English High Court Details When Google Must Delist Links to Crimes

May 2, 2018

Direct From the Irish Data Commissioner: GDPR Enforcement Priorities (Part Two of Two)

Apr. 25, 2018

Direct From the Irish Data Protection Commissioner: Supervising Facebook (Part One of Two)

Apr. 11, 2018

Breaking the Cloud: CLOUD Act Brings Data Held Overseas Under U.S. Jurisdiction

Apr. 11, 2018

Virtual Currencies Ruled Commodities Under the Commodities Exchange Act by District Court

Mar. 28, 2018

Beware of False Friends: A Hedge Fund Manager’s Guide to Social Engineering Fraud

Mar. 28, 2018

Evaluating Cybersecurity Coverage in Light of the GDPR

Mar. 28, 2018

Singapore Focuses on Critical Infrastructure With New Cybersecurity Law

Mar. 28, 2018

EY Global Data Analytics Survey Finds Lack of GDPR Preparedness and Need for Cross-Functional Collaboration

Mar. 14, 2018

Developing an Effective Third-Party Management Program

Mar. 14, 2018

How Will the GDPR Affect Due Diligence?

Mar. 14, 2018

FTC Enters Into Stiff Settlement With PayPal for Venmo’s Deceptive Practices, but Eases up on a 2009 Sears Order 

Feb. 28, 2018

How South Korea Regulates Cryptocurrency and Why U.S. Lawyers and Investors Should Take Notice

Feb. 28, 2018

The GDPR’s Data Subject Rights and Why They Matter

Feb. 28, 2018

SEC Confirms Cyber Disclosure Expectations in New Guidance

Feb. 28, 2018

Financial Firms Must Supervise Their IT Providers to Avoid CFTC Enforcement Action

Feb. 14, 2018

Dynamic Regulations and Shareholder Actions Guide the Board’s Shifting Role in Cyber (Part Two of Two)

Feb. 14, 2018

Using Technology to Comply With the GDPR

Feb. 14, 2018

Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair

Feb. 14, 2018

NY AG and HHS Flex Regulatory Muscles in Recent Protected Health Information Breach Settlements

Oct. 14, 2015

Privacy and Data Security Considerations for Life Sciences and Health Technology Companies (Part One of Two)

Jan. 31, 2018

Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)

Jan. 31, 2018

Dynamic Regulations and Shareholder Actions Guide the Board’s Shifting Role in Cyber (Part One of Two)

Jan. 31, 2018

Biometric Data Protection Laws and Litigation Strategies (Part One of Two)

Jan. 17, 2018

How Blockchain Will Continue to Revolutionize the Private Funds Sector in 2018

Jan. 17, 2018

Deadline Passes for DoD Contractors and Subcontractors to Provide “Adequate Security”: Are They Ready?

Jan. 17, 2018

A Practical Look at the GDPR’s Data Breach Notification Provision 

Dec. 20, 2017

Five Months Until GDPR Enforcement: Addressing Tricky Questions and Answers

Dec. 20, 2017

Electronic Signatures: Implementation Considerations for the Financial Sector (Part Two of Two)

Dec. 6, 2017

Actions Under Biometric Privacy Laws Highlight Related Risks

Dec. 6, 2017

Electronic Signatures: Implementation Considerations for the Financial Sector (Part One of Two)

Nov. 8, 2017

E.U. Data Regulators Weigh in on GDPR Prep in Asia and Across the Globe

Oct. 25, 2017

Privacy Shield Survives First Annual Review

Oct. 25, 2017

Survey Finds Cybersecurity Preparedness of Alternative Asset Managers to be Inadequate Relative to Traditional Asset Managers and Broker-Dealers

Oct. 11, 2017

Reconciling Data Localization Laws and the Global Flow of Information

Sep. 27, 2017

FTC Settlements in Privacy Shield Cases and With Lenovo Over Use of “Man-in-the-Middle” Software Highlight Vigorous Enforcement Efforts

Sep. 27, 2017

New Criteria for Employee Monitoring Practices in Light of ECHR Decision

Sep. 27, 2017

Deloitte Survey Shows Getting Skilled Cybersecurity Talent and Addressing Cyber Threats Among the Top Challenges for Financial Institutions

Sep. 13, 2017

Focus on Children’s Privacy by FTC and Plaintiffs Calls for Prioritizing COPPA

Aug. 23, 2017

Implications and Analysis of the E.U.-Canada Data Sharing Agreement Rejection

Aug. 23, 2017

Inside Advice on the Growing Cyber Insurance Market for the Financial Sector

Aug. 23, 2017

SEC Report Cites Cybersecurity Progress Along With Gaps in Training and Compliance

Aug. 9, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part Two of Two)

Aug. 9, 2017

What the Financial Sector Should Know to Recognize and Combat Cyber Threats (Part Two of Two)

Aug. 9, 2017

Identifying and Managing Third-Party Cybersecurity Risks for Asset Managers

Jun. 3, 2015

Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans

Jul. 26, 2017

How the CCO Can Use SEC Guidance to Tackle Cyber Threats 

Jul. 26, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)

Jul. 26, 2017

International Law Playing Cybersecurity Catch-Up (Part Two of Two)

Jul. 12, 2017

Navigating the Intersection of ERISA Fiduciary Duties and Cybersecurity Risk

Jul. 12, 2017

Blockchain and the Financial Services Industry: Potential Impediments to Its Eventual Adoption (Part Three of Three)

Jul. 12, 2017

Synthesizing New York and Colorado’s Trailblazing Data Security Regulations for Financial Firms

Jun. 28, 2017

Surveys Show Cyber Risk Remains High for Financial Services Despite Preventative Steps

Jun. 28, 2017

How Financial Service Providers Can Use Blockchain to Improve Operations and Compliance (Part Two of Three)

Jun. 28, 2017

Three Takeaways From Congress’s Cross-Border Data Hearings

Jun. 14, 2017

Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?

Jun. 14, 2017

Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It (Part One of Three)

May 31, 2017

One Year Until GDPR Enforcement: Five Steps Companies Should Take Now

May 17, 2017

Executive Order on Cybersecurity Signed Amidst Massive Worldwide Ransomware Attack

May 17, 2017

Tracking Data and Maximizing Its Potential

May 3, 2017

Infrastructure Cybersecurity Challenges: A View Through the Oil and Gas Pipeline Lens

May 3, 2017

European Data Protection Supervisor Offers Advice on Privacy Shield Review and GDPR Preparation

May 3, 2017

Practical and Innovative Permissioning Within the Framework of Europe’s Upcoming Data Protection Regulations

May 3, 2017

SEC Officials Flesh Out Cybersecurity Enforcement and Examination Priorities (Part One of Two)

Apr. 19, 2017

How to Ensure Cyber Risks Do Not Derail an IPO

Apr. 19, 2017

Effective and Compliant Employee Monitoring (Part Two of Two)

Apr. 5, 2017

Best Practices for Mitigating Compliance Risks When Investment Advisers Use Social Media 

Apr. 5, 2017

Effective and Compliant Employee Monitoring (Part One of Two) 

Apr. 5, 2017

A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part Two of Two)

Mar. 22, 2017

A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part One of Two)

Mar. 8, 2017

What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations

Feb. 22, 2017

Marsh and FireEye Take the Pulse of European Cybersecurity Climate

Feb. 22, 2017

Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection 

Feb. 8, 2017

How Fund Managers Can Prepare for Investor Cybersecurity Due Diligence 

Feb. 8, 2017

Lessons From the Continued Uptick in HIPAA Enforcements 

Feb. 8, 2017

Getting to Know the DPO and How to Adapt Corporate Structure to Comply With GDPR Requirements for the Role (Part Two of Two)

Jan. 25, 2017

Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation

Jan. 25, 2017

FINRA Emphasizes the Importance of Proper Electronic Record Storage in Enforcement Actions

Jan. 25, 2017

Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)

Jan. 25, 2017

Triaging Security Projects in the Current Legal Landscape

Jan. 11, 2017

Ten Cybersecurity Priorities for 2017

Jan. 11, 2017

Privacy, Security Risks and Applicable Regulatory Regimes of Smart TVs

Jan. 11, 2017

FTC Priorities for 2017 and Beyond

Dec. 14, 2016

Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity 

Dec. 14, 2016

Navigating Data Privacy Laws in Cross-Border Investigations

Dec. 14, 2016

Advice From Compliance Officers on Getting the C-Suite to Show You the Money for Your Data Privacy Program

Dec. 14, 2016

FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer

Nov. 16, 2016

Navigating U.S. and E.U. Cybersecurity Requirements

Nov. 16, 2016

WilmerHale Attorneys Explain the Evolving Cybersecurity Environment of the Energy Sector

Nov. 2, 2016

Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty

Oct. 5, 2016

Examining Newly Released Privacy and Security Guidance for the Fast-Driving Development of Autonomous Cars

Oct. 19, 2016

SEC Emphasizes Protecting Information From More Than Just Cyber Threats in Deutsche Bank Case

Oct. 19, 2016

How the Financial Services Industry Can Handle Cybersecurity Threats, Acquisition Diligence and Breach Response

Oct. 5, 2016

FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms

Sep. 21, 2016

Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation

Sep. 7, 2016

Navigating Online Identity Management’s Risks and Regulations

Aug. 3, 2016

Procedures for Hedge Fund Managers to Safeguard Trade Secrets From Rogue Employees 

Aug. 3, 2016

Second Circuit Quashes Warrant for Microsoft to Produce Email Content Stored Overseas 

Aug. 3, 2016

Is Pokémon Go Pushing the Bounds of Mobile App Privacy and Security?

Jul. 20, 2016

Key Requirements of the Newly Approved Privacy Shield

Jul. 20, 2016

Challenges Facing Chief Privacy Officers

Jul. 20, 2016

How the Financial Services Industry Can Manage Cyber Risk

Jul. 6, 2016

How Will Brexit Affect U.K. Data Protection and Privacy Laws?

Jul. 6, 2016

Enforcing Consumer Consent: FTC Focuses on Location Tracking and Children’s Privacy

Jun. 22, 2016

Morgan Stanley Action Signals SEC’s Continued Enforcement of Safeguards Rule

May 11, 2016

SEC Teaches Broker-Dealer a Lesson About Keeping Business Emails Secure

Apr. 27, 2016

Designing Privacy Policies for Products and Devices in the Internet of Things

Apr. 27, 2016

Federal Judge Offers Advice on Litigating Data Privacy, Security Breach and TCPA Class Action Suits

Apr. 27, 2016

Mitigating the Risks of Using Social Media in the Workplace

Apr. 13, 2016

Ten Steps to Minimize Data Privacy and Security Risk and Maximize Compliance

Mar. 30, 2016

Securing Connected Medical Devices to Ensure Regulatory Compliance and Customer Safety (Part One of Two)

Mar. 30, 2016

Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

Mar. 30, 2016

In-House and Outside Counsel Offer Strategies for Navigating the TCPA, Avoiding Litigation and Responding to Breaches

Mar. 16, 2016

How Financial Service Providers Can Address Common Cybersecurity Threats

Mar. 16, 2016

Making Sense of Cybersecurity and Privacy Developments in the E.U.

Mar. 2, 2016

Expert Advice on Newly Effective NFA Cybersecurity Requirements for Market Participants

Mar. 2, 2016

Synthesizing Breach Notification Laws in the U.S. and Across the Globe

Feb. 17, 2016

White House Lays Out Its Broad Cybersecurity Initiatives

Feb. 17, 2016

HIPAA Privacy Rule Permits Disclosures to Firearm Background Check System

Feb. 17, 2016

Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part Two of Two)

Feb. 17, 2016

Deal Struck to Maintain the Transatlantic Data Flow 

Feb. 3, 2016

Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part One of Two)

Feb. 3, 2016

Safe Harbor 2.0 Agreement Reached

Jan. 20, 2016

What OFAC’s New Cyber-Related Sanctions Regulations Mean for Companies

Jan. 20, 2016

The E.U.’s New Rules: Latham & Watkins Partner Gail Crawford Discusses the Network Information Security Directive and the General Data Protection Regulation

Jan. 20, 2016

Navigating FCA and SEC Cybersecurity Expectations (Part Two of Two)

Jan. 6, 2016

Keeping Up with Technology and Regulatory Changes in Online Advertising to Mitigate Risks

Jan. 6, 2016

How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)

Jan. 6, 2016

Cybersecurity and Whistleblowing Converge in a New Wave of SEC Activity

Jan. 6, 2016

FTC Director Analyzes Its Most Significant 2015 Cyber Cases and Provides a Sneak Peek Into 2016

Jan. 6, 2016

Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)

Jan. 6, 2016

Opportunities and Challenges of the Long-Awaited Cybersecurity Act of 2015

Dec. 9, 2015

The Multifaceted Role of In-House Counsel in Cybersecurity 

Dec. 9, 2015

How the Financial Services Sector Can Meet the Cybersecurity Challenge:  A Snapshot of the Regulatory Landscape (Part One of Two)

Dec. 9, 2015

Year-End HIPAA Settlements May Signal More Aggressive Enforcement by HHS

Nov. 11, 2015

Liability Lessons from Data Breach Enforcement Actions

Nov. 11, 2015

What Companies Can Learn from Cybersecurity Resources in Pittsburgh

Nov. 11, 2015

California Law Enforcement Faces Higher Bar in Acquiring Electronic Information

Nov. 11, 2015

New NFA Notice Provides Cybersecurity Guidance to Futures and Derivatives Market

Oct. 28, 2015

Federal Courts Offer a Modern Interpretation of the VHS-Era Video Privacy Protection Act

Oct. 28, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

Oct. 28, 2015

How the Department of Commerce Can Help Companies Address Cybersecurity and Corruption Concerns

Oct. 28, 2015

Privacy and Data Security Considerations for Life Sciences and Health Technology Companies (Part Two of Two)

Oct. 28, 2015

Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

Oct. 14, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

Oct. 14, 2015

Dangerous Harbor: Analyzing the European Court of Justice Ruling

Sep. 30, 2015

What the OCIE Cybersecurity Risk Alert Means for Investment Advisers and Broker-Dealers

Sep. 30, 2015

Investment Adviser Penalized for Weak Cyber Polices; OCIE Issues Investor Alert

Sep. 16, 2015

How the Legal Industry Is Sharing Information to Combat Cyber Threats

Sep. 16, 2015

Learning from the Target Data Breach About Effective Third-Party Risk Management  (Part One of Two)

Aug. 26, 2015

Seeking Solutions to Cross-Border Data Realities

Aug. 26, 2015

FTC Weighs In on the Security of Health Care Data on the Cloud

Aug. 26, 2015

The Development of E-Currency and Its Potential Impact on the Future

Aug. 12, 2015

Can an Employee Be Liable for Inadvertently Providing Security Details to a Fraudulent Caller?

Aug. 12, 2015

Navigating the Evolving Mobile Arena Landscape (Part Two of Two)

Jul. 15, 2015

Understanding and Mitigating Liability Under the Children’s Online Privacy Protection Act

Jul. 1, 2015

Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part Two of Two)

Jul. 1, 2015

SEC Commissioner Says Public-Private Partnership Is Key to Effective Cybersecurity

Jul. 1, 2015

Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)

Jul. 1, 2015

What Companies Need to Know About the FCC’s Actions Against Unwanted Calls and Texts

Jun. 17, 2015

Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part One of Two)

May 20, 2015

After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?

May 20, 2015

Analyzing and Mitigating Cybersecurity Risks to Investment Managers (Part Two of Two)

May 6, 2015

Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)

May 6, 2015

Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks

Apr. 22, 2015

Steps to Take Following a Healthcare Data Breach

Apr. 22, 2015

Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry

Apr. 8, 2015

The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions

Apr. 8, 2015

ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.