For full functionality of this site it is necessary to enable JavaScript. Here are the instructions to help you enable JavaScript in your web browser.

Regulations & Enforcement

Legislation
Investigations and Actions
Regulatory Bodies

Feb. 17, 2021

A Fake Zoom Invite Hack: Eight More Lessons

Feb. 10, 2021

GDPR Lives On in the U.K. Post-Brexit

Feb. 10, 2021

A Fake Zoom Invite Hack: What Happened and Three Lessons

Feb. 10, 2021

What the New Information Security Reporting Standards Mean for Financial Institutions

Feb. 3, 2021

Expect Continuing Regulatory Focus on Cybersecurity and Data Protection in 2021

Feb. 3, 2021

Getting Started With CMMC: How to Prepare and What to Expect From the Assessment

Jan. 27, 2021

Getting Started With CMMC: Understanding Goals, Requirements and Challenges

Jan. 20, 2021

Privacy Resolutions for 2021

Jan. 20, 2021

Disputed Twitter Fine Offers Breach Response Lessons

Jan. 13, 2021

Can the Cybersecurity Industry Improve Cooperation to Beat Threats?

Jan. 6, 2021

Privacy and Security Risks in International Arbitration: Managing Remote Proceedings

Jan. 6, 2021

Maintaining Privacy While Staying Competitive in an Evolving Regulatory Landscape

Jan. 6, 2021

Six Practical Tips for Building an Effective Privacy Risk Assessment Program

Dec. 16, 2020

Privacy and Security Risks in International Arbitration: Threats and the Information Security Protocol

Dec. 16, 2020

How Will the Biden Administration’s Approach to Cybersecurity Impact the Private Sector?

Dec. 9, 2020

What the New IoT Act Means for the Private Sector

Dec. 9, 2020

Strategies for Managing the Intersection of Cybersecurity and New Technologies

Dec. 2, 2020

ICO Hones GDPR Enforcement Approach With Reduced Fines for British Airways, Marriott and Ticketmaster

Dec. 2, 2020

How CCOs Can Avoid Personal Liability for an Organization’s Compliance Failures

Nov. 18, 2020

Asset Disposal and Vendor Management Lessons From Morgan Stanley's OCC Settlement

Nov. 11, 2020

The Intelligent Workplace in the Age of a Pandemic: Six Privacy and Security Safeguards

Nov. 11, 2020

Understanding the World’s New Four-Letter Privacy Law: China’s PIPL

Nov. 4, 2020

Comparing U.S. and E.U. Approaches to Incident Response and Breach Notification

Oct. 28, 2020

The Intelligent Workplace in the Age of a Pandemic: Balancing Innovation and Risk

Oct. 21, 2020

Steps to Take After OFAC and FinCEN’s Warnings on Ransomware Payoffs

Oct. 21, 2020

Senior Commerce Official Discusses Supply Chain Security and Cyber Policy

Oct. 14, 2020

H&M’s $41M GDPR Fine Underscores Importance of Employee Data Handling

Oct. 14, 2020

Top Priorities for Compliance With Brazil’s New Personal Data Protection Law

Sep. 30, 2020

What to Expect From the CPRA – California’s New Proposed Privacy Law

Sep. 23, 2020

Apple Overhauls Privacy for iPhone Apps, but Will It Enforce Its Policies?

Sep. 23, 2020

Identifying and Preventing Ransomware Attacks

Sep. 9, 2020

Implementing the CCPA Regulations: Are You Ready?

Sep. 2, 2020

After Death of the Cookie, New Advertising Strategies Raise Compliance Questions

Sep. 2, 2020

Business Continuity Plans, Budgets and More: Hot Compliance Topics for Investment Advisers

Aug. 12, 2020

Six Compliance Lessons From NYDFS’ First Cybersecurity Regulation Enforcement Action

Aug. 12, 2020

Navigating China’s Cybersecurity Regulatory Maze

Aug. 5, 2020

CCPA and Online Ads: Contract and Compliance Consequences

Aug. 5, 2020

Early EDPB Guidance in the Wake of Schrems II Signals Where E.U.-U.S. Data Transfers Are Headed

Jul. 29, 2020

CCPA and Online Ads: Facebook Finally Acts, AG Starts Enforcement

Jul. 22, 2020

Ten Initial Steps for E.U. and U.S. Companies in Light of Schrems II Ruling

Jul. 15, 2020

Back to the Table: CCPA Regulations Spark New Wave of Service-Provider Negotiations

Jul. 15, 2020

Business Continuity Planning: How to Update a BCP With Lessons Learned From the Pandemic

Jun. 24, 2020

Balancing Privacy Rights and Innovation in Digital Contact Tracing

Jun. 24, 2020

Perspectives From the Public and Private Sectors on Information Sharing During COVID-19

Jun. 24, 2020

How to Comply With Key CCPA Notice and Consumer Request Requirements

Jun. 17, 2020

The (Im)Possibilities of Scientific Research Under the GDPR

Jun. 17, 2020

Privacy Settings May Serve as One-Step CCPA Opt-Out From Sale

Jun. 10, 2020

Are You Prepared for OCIE’s Sweep of Business Continuity Plans and Coronavirus Actions?

May 27, 2020

Recent Developments in E.U. Cybersecurity Regulation

May 20, 2020

How to Facilitate a Safe and Privacy Compliant Return to Work: Policies and Protocols

May 20, 2020

Did Adtech Fix Its CCPA Problem? IAB’s GC Discusses New Contract for Data Sales

May 13, 2020

How to Facilitate a Safe and Privacy Compliant Return to Work: Laws and Guidance

May 6, 2020

How Asset Managers and Others Can Mitigate Pandemic-Related Operational Risks and Maintain Business Continuity

Apr. 29, 2020

Understanding Insider Trading Based on Data Breaches Amidst Heightened Regulatory Scrutiny

Apr. 29, 2020

What Is the Potential Liability for Zoombombing, and How Safe Are Zoom Alternatives?

Apr. 22, 2020

GDPR Enforcement Lessons and New ICO Guidance on COVID‑19

Apr. 22, 2020

How Is COVID-19 Affecting Cybersecurity Risk, Readiness, Reporting and NYDFS Enforcement?

Apr. 22, 2020

Morrisons Ruling Lets U.K. Employers Off the Hook for Rogue Employee Data Leaks

Apr. 15, 2020

Six Ways to Be Prepared for the SEC’s Focus on Cybersecurity and Resiliency

Apr. 15, 2020

Takeaways From Former FTC Officials on 2019 Enforcement Actions: Data Security Guidance and Enforcement Predictions

Apr. 8, 2020

Takeaways From Former FTC Officials on the Commission’s 2019 Enforcement: General, Financial and Children’s Privacy

Apr. 1, 2020

A Considered Cooperation Approach Is Vital in ICO Data Protection Audits

Mar. 25, 2020

Gauging the GDPR’s Global Reach

Mar. 25, 2020

Are Companies Turning a Blind Eye to Their Lost Data on the Dark Web?

Mar. 11, 2020

NIST’s New IoT Standard: Inspiring a Wave of New Device Security Guidance

Mar. 11, 2020

The Keys to Encryption: Legal and Regulatory Framework

Mar. 4, 2020

Safeguards for Proper Disposal of Hardware: Effective Inventories, Policies and Due Diligence

Mar. 4, 2020

NIST’s New IoT Standard: Boosting Security As States Launch Laws

Feb. 26, 2020

Safeguards for Proper Disposal of Hardware: Risks and Examiner Expectations

Feb. 19, 2020

Consciously Coupling: Tackling the Juxtaposition Between Adtech and Privacy

Feb. 19, 2020

Best Practices for Using Alternative Data: Mitigating Regulatory Risks

Feb. 12, 2020

How to Approach CCPA’s Under-16 Opt-In Consent

Feb. 12, 2020

Best Practices for Using Alternative Data: Collection and Provider Management

Feb. 5, 2020

Defining, Implementing and Documenting “Reasonable Security”

Feb. 5, 2020

CCPA Litigation Risks: How to Avoid Claims Under Other Statutes

Jan. 29, 2020

Establishing a Foundation for Breach-Notification Compliance in a Sea of Privacy Laws

Jan. 22, 2020

How to Stem the Coming Tide of CCPA Private Litigation

Jan. 15, 2020

Key Compliance Considerations for Fund Managers Using Alternative Data

Jan. 8, 2020

Present and Former Regulators Discuss Current SEC and NFA Examination and Enforcement Environment

Dec. 18, 2019

Not Just the GDPR: Privacy Laws in Belarus, Russia, Switzerland, Turkey and Ukraine

Dec. 11, 2019

Not Just GDPR: Examining the Other European Privacy Laws

Dec. 11, 2019

How to Handle E.U. Data Subject Access Requests

Dec. 4, 2019

U.K. and U.S. Sign First E-Evidence Pact Under the CLOUD Act: A Look at the Privacy Protections

Nov. 20, 2019

U.K. and U.S. Sign First E-Evidence Pact Under the CLOUD Act: Fewer Hurdles, More Clarity and New Questions

Nov. 13, 2019

AI for Fund Managers and Beyond: Government Guidance

Nov. 13, 2019

Updating Cyber Policies to Align With Recent SEC Exams and Guidance

Nov. 13, 2019

Updating Vendor Agreements to Comply With CCPA: Non-Third Parties and Key Steps

Nov. 6, 2019

AI for Fund Managers and Beyond: How to Use It to Streamline Operations

Nov. 6, 2019

Updating Vendor Agreements to Comply With CCPA: Service-Provider Exemption and Corporate Approaches

Oct. 30, 2019

Broad but Limited Reach of GDPR Highlighted in ECJ Google Ruling on “Right to Be Forgotten”

Oct. 23, 2019

CFTC Issues $1.5-Million Fine After Phishing Attack

Oct. 23, 2019

ICO Enforcement Takeaways After Marriott and British Airways

Oct. 16, 2019

Portuguese DPA Holds Parts of Portuguese Data Protection Law Inconsistent With GDPR

Oct. 16, 2019

How Uber, eBay and Pitney Bowes Built Principles-Based Global Privacy Programs

Oct. 9, 2019

CCPA Close-Up: Examining the GLBA Carve-Out and How Financial Institutions Can Evaluate Applicability

Oct. 9, 2019

Does the GDPR Disadvantage Non-E.U. Companies? Addressing the Lead Supervisory Authority Dilemma (Part Two)

Oct. 2, 2019

CCPA Close-Up: Review of Amendments and How to Prepare for Compliance

Oct. 2, 2019

Does the GDPR Disadvantage Non-E.U. Companies? The Benefits of a Lead Supervisory Authority (Part One of Two)

Sep. 18, 2019

New York’s First Mandated Cybersecurity Standards: A Compliance Roadmap

Sep. 18, 2019

Far-Reaching Google and YouTube Settlement Offers COPPA Compliance Lessons

Sep. 11, 2019

New York’s New Cybersecurity Standards: Expanding Definitions and Requirements

Aug. 21, 2019

Examining Portugal’s GDPR Implementation Statute

Aug. 21, 2019

Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA

Aug. 14, 2019

Practical Implications of China’s New Cybersecurity Inspection Regulation

Jul. 17, 2019

Maine Enacts Sweeping Broadband Customer Privacy Law

Jul. 17, 2019

How to Establish an Efficient Incident Response Plan

Jul. 10, 2019

Parental Liability in the E.U.: Mitigating Liability at Various Stages of Portfolio Company Ownership

Jul. 10, 2019

Can GDPR Hinder AI Made in Europe?

Jul. 10, 2019

Implications of Nevada’s New Privacy Law

Jun. 26, 2019

Parental Liability in the E.U.: Rebuttable Presumption of Decisive Influence and Four Misconceptions About Avoiding Liability

Jun. 26, 2019

Preparing for the Latest SEC Cyber Sweeps

Jun. 19, 2019

Parental Liability in the E.U.: “Undertakings” and Potential Scope of Risk for Parent Entities

Jun. 19, 2019

Kids, Privacy & Legal Compliance

Jun. 12, 2019

CCPA Priorities: Tackling Data Subject Rights Requests and Vendors

Jun. 5, 2019

Irish Data Protection Commissioner Helen Dixon on Breach Notification, the Role of the DPO and a U.S. Privacy Law

Jun. 5, 2019

CCPA Priorities: Turning Legislation Prep Into a Program Shift

Jun. 5, 2019

FINRA RegTech Conference Reviews AI, RegTech Adoption and Compliance Challenges (Part Two of Two)

May 29, 2019

FINRA RegTech Conference Examines Digital Identification, Suspicious Activity Reporting and Machine Learning

May 29, 2019

Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In

May 22, 2019

Deputy Assistant Attorney General Seeks to Dispel CLOUD Act Misunderstandings One Year In

May 15, 2019

ECJ Confirms Direct Parental Liability for Civil Damages for Subsidiary Antitrust or GDPR Violations

May 8, 2019

Lessons From FTC 2018 Privacy and Data Security Update: Hearings, Reports and 2019 Predictions

May 8, 2019

Understanding Regulatory Technology: Current Uses and Deployment Considerations

May 1, 2019

Understanding Regulatory Technology: Tools, Challenges and Regulators’ Views

May 1, 2019

Lessons From FTC 2018 Privacy and Data Security Update: Financial Privacy, COPPA and International Enforcement

Apr. 24, 2019

Lessons From FTC's 2018 Privacy and Data Security Update: Enforcement Takeaways

Apr. 17, 2019

China Establishes Certification Scheme for Mobile App Operators

Apr. 17, 2019

GPEN Report Highlights Key Areas for Data Privacy Improvement

Apr. 10, 2019

Utah Act Increases Restrictions on Access to Third-Party Data

Apr. 10, 2019

Combatting Privacy Issues Arising From Geolocation Data Use: Five Risk-Mitigation Strategies

Apr. 3, 2019

Combatting Privacy Issues Arising From Geolocation Data Use: Understanding the Legal Landscape

Mar. 27, 2019

Companies May Need to Re-Examine Approach to Breach Response Preparedness According to Experian Survey

Mar. 20, 2019

COPPA Compliance Lessons Following Musical.ly’s $5.7 Million FTC Settlement

Mar. 13, 2019

Mitigating the Risks of Open-Source Software

Mar. 13, 2019

Takeaways From 2018 COPPA Developments and a Forward-Thinking Approach to Compliance

Mar. 6, 2019

The NYDFS’ Cybersecurity Regulation’s Third-Party Requirement and Beyond

Mar. 6, 2019

Preparing for the CCPA: Best Practices and Understanding Enforcement

Mar. 6, 2019

Benefits and Risks of Open-Source Software and How the Financial Sector Is Using It

Feb. 27, 2019

Preparing for the CCPA: Securing Buy-In and Setting the Scope

Feb. 27, 2019

U.K. Employers on the Hook for Rogue Employee Data Leaks Post-Morrison

Feb. 20, 2019

ACA Aponix-NSCP Cyber Survey Finds Growing Numbers of Security Incidents, Cloud Use and Regulatory Burdens

Feb. 13, 2019

FINRA Report Addresses Common Cybersecurity Risks and Recommends Mitigation Measures

Feb. 6, 2019

Analyzing Early GDPR Enforcement: France

Feb. 6, 2019

Examining the New Requirements and Broad Definition of Data Broker Under Vermont’s New Law

Jan. 30, 2019

Analyzing Early GDPR Enforcement: U.K. and Austria

Jan. 30, 2019

How Healthcare and Other Industries Can Use the HHS Cybersecurity Practices Guidance

Jan. 23, 2019

Analyzing Early GDPR Enforcement: Portugal and Germany

Jan. 23, 2019

Massachusetts Breach Notification Law 2.0: More Protections for Consumers, More Requirements for Businesses

Jan. 23, 2019

Illinois Federal Court Denies Standing in BIPA Claim Against Google

Jan. 16, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part Two of Two)

Jan. 16, 2019

How a New Ethics Rule and Error in Manafort Case Highlight the Importance of Lawyers’ Technology Competence

Jan. 9, 2019

GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part One of Two)

Jan. 9, 2019

FTC Data Security Hearing Examines M&A Cybersecurity Risks and Promoting Better Policies

Dec. 12, 2018

Implications of a Dynamic Regulatory and Threat Environment on E.U. and U.S. Cyber Insurance Markets

Dec. 12, 2018

Illinois Appellate Decision Creates Split on Standing to Sue Under BIPA

Dec. 12, 2018

Understanding the Potential Implications of Pennsylvania’s Newly Recognized Common Law Duty to Protect Personal Information

Dec. 5, 2018

Insights From Uber: Building Bridges Between Legal and Engineering

Nov. 28, 2018

SEC Officials and the Defense Bar Talk Cybersecurity Enforcement Trends and Takeaways From Recent Cases

Nov. 28, 2018

Insights From Uber: An Inside Look at Its Privacy Team Structure and How Legal and Tech Collaborated on Its Differential Privacy Tool

Nov. 28, 2018

The Growing Role of State AGs in Privacy Enforcement

Nov. 7, 2018

How GoDaddy Built an Effective Privacy Program

Nov. 7, 2018

How to Improve Risk Analysis in the Wake of the Anthem’s Record Settlement

Oct. 31, 2018

SEC Report on Business Email Compromise Signals That It May Pursue Insufficient Internal Controls Cases

Oct. 31, 2018

How to Comply With Canada’s New Privacy Breach Reporting and Record-Keeping Rules

Oct. 24, 2018

Unregistered Crypto Asset Fund Hit With Multiple Securities Laws Violations by SEC

Oct. 24, 2018

The Hidden Requirements in NYDFS’ Cybersecurity Regulation

Oct. 24, 2018

California Enacts Groundbreaking IoT Law and Requires Disclosure of Bot Use

Oct. 17, 2018

Regulating AI: U.S., E.U. and Industry Laws and Guidance

Oct. 10, 2018

Lessons From the SEC’s First Red Flags Rule Settlement

Sep. 26, 2018

Five Takeaways From the Fiserv Wake-Up Call

Sep. 19, 2018

Ohio Adopts Pioneering Cybersecurity Safe Harbor for Companies

Sep. 12, 2018

Information Sharing in the Private Sector: Lessons From the Financial Services Industry

Sep. 12, 2018

Colorado’s Revised Cybersecurity Law Clarifies and Strengthens Existing Requirements

Sep. 5, 2018

How the GDPR Will Affect Private Funds’ Use of Alternative Data

Aug. 22, 2018

A Fund Manager’s Roadmap to Big Data: Privacy Concerns, Third Parties and Drones

Aug. 15, 2018

A Fund Manager’s Roadmap to Big Data: MNPI, Web Scraping and Data Quality

Aug. 8, 2018

U.K.’s Cyber Essentials Provide a Window Into GDPR Security Infrastructure Requirements

Aug. 8, 2018

Essential Cyber, Tech and Privacy M&A Due Diligence Considerations

Jul. 25, 2018

GDPR Essentials for the Financial Sector: Staying Compliant and Special Challenges (Part Three of Three)

Jul. 18, 2018

What to Expect From California’s Expansive Privacy Legislation

Jul. 18, 2018

GDPR Essentials for the Financial Sector: Compliance Steps (Part Two of Three)

Jul. 18, 2018

Overcoming Barriers to Cross-Border Data Flows, Contract Provisions and Other Digital Transformation Issues

Jul. 11, 2018

GDPR Essentials for the Financial Sector: Benchmarking and Assessing the Risks (Part One of Three)

Jul. 11, 2018

Is Encryption Obligatory? HHS Upholds Texas Hospital $4.3M HIPAA Fine

Jun. 27, 2018

What Are the GDPR’s Implications for Alternative Investment Managers? (Part Two of Two)

Jun. 27, 2018

Implementation of NIS Directive Commences Unprecedented E.U.-Wide Cybersecurity Regime

Jun. 20, 2018

What Are the GDPR’s Implications for Alternative Investment Managers? (Part One of Two)

Jun. 13, 2018

CFTC Commissioner Encourages Formation of Self-Regulatory Organization for Cryptocurrency Spot Platforms

Jun. 6, 2018

Beyond GDPR: The E.U.’s Expanding Cybersecurity Regime

Jun. 6, 2018

Analyzing New and Amended State Breach Notification Laws

May 30, 2018

Understanding the Intersection of Law and Artificial Intelligence

May 16, 2018

How to Ensure GDPR-Compliant Third-Party Relationships

May 16, 2018

Countdown to GDPR Enforcement: Final Steps and Looking Ahead

May 9, 2018

How Financial Services Firms Should Structure Their Cybersecurity Programs

May 9, 2018

The Right to Be Forgotten: English High Court Details When Google Must Delist Links to Crimes

May 2, 2018

Direct From the Irish Data Commissioner: GDPR Enforcement Priorities (Part Two of Two)

Apr. 25, 2018

Direct From the Irish Data Protection Commissioner: Supervising Facebook (Part One of Two)

Apr. 18, 2018

Guidance and Clarification on Asia’s Evolving Cybersecurity and Data Protection Laws

Apr. 11, 2018

Breaking the Cloud: CLOUD Act Brings Data Held Overseas Under U.S. Jurisdiction

Apr. 11, 2018

Virtual Currencies Ruled Commodities Under the Commodities Exchange Act by District Court

Mar. 28, 2018

Evaluating Cybersecurity Coverage in Light of the GDPR

Mar. 28, 2018

EY Global Data Analytics Survey Finds Lack of GDPR Preparedness and Need for Cross-Functional Collaboration

Mar. 28, 2018

Singapore Focuses on Critical Infrastructure With New Cybersecurity Law

Mar. 28, 2018

Beware of False Friends: A Hedge Fund Manager’s Guide to Social Engineering Fraud

Mar. 14, 2018

How Will the GDPR Affect Due Diligence?

Mar. 14, 2018

Developing an Effective Third-Party Management Program

Mar. 14, 2018

FTC Enters Into Stiff Settlement With PayPal for Venmo’s Deceptive Practices, but Eases up on a 2009 Sears Order

Feb. 28, 2018

Financial Firms Must Supervise Their IT Providers to Avoid CFTC Enforcement Action

Feb. 28, 2018

SEC Confirms Cyber Disclosure Expectations in New Guidance

Feb. 28, 2018

The GDPR’s Data Subject Rights and Why They Matter

Feb. 28, 2018

How South Korea Regulates Cryptocurrency and Why U.S. Lawyers and Investors Should Take Notice

Feb. 14, 2018

Dynamic Regulations and Shareholder Actions Guide the Board’s Shifting Role in Cyber (Part Two of Two)

Feb. 14, 2018

Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair

Feb. 14, 2018

NY AG and HHS Flex Regulatory Muscles in Recent Protected Health Information Breach Settlements

Feb. 14, 2018

Using Technology to Comply With the GDPR

Jan. 31, 2018

Biometric Data Protection Laws and Litigation Strategies (Part One of Two)

Jan. 31, 2018

Dynamic Regulations and Shareholder Actions Guide the Board’s Shifting Role in Cyber (Part One of Two)

Jan. 31, 2018

Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)

Jan. 17, 2018

A Practical Look at the GDPR’s Data Breach Notification Provision

Jan. 17, 2018

How Blockchain Will Continue to Revolutionize the Private Funds Sector in 2018

Jan. 17, 2018

Deadline Passes for DoD Contractors and Subcontractors to Provide “Adequate Security”: Are They Ready?

Dec. 20, 2017

Electronic Signatures: Implementation Considerations for the Financial Sector (Part Two of Two)

Dec. 20, 2017

Five Months Until GDPR Enforcement: Addressing Tricky Questions and Answers

Dec. 6, 2017

Electronic Signatures: Implementation Considerations for the Financial Sector (Part One of Two)

Dec. 6, 2017

Actions Under Biometric Privacy Laws Highlight Related Risks

Nov. 8, 2017

E.U. Data Regulators Weigh in on GDPR Prep in Asia and Across the Globe

Oct. 25, 2017

Survey Finds Cybersecurity Preparedness of Alternative Asset Managers to be Inadequate Relative to Traditional Asset Managers and Broker-Dealers

Oct. 25, 2017

Privacy Shield Survives First Annual Review

Oct. 11, 2017

Reconciling Data Localization Laws and the Global Flow of Information

Sep. 27, 2017

FTC Settlements in Privacy Shield Cases and With Lenovo Over Use of “Man-in-the-Middle” Software Highlight Vigorous Enforcement Efforts

Sep. 27, 2017

New Criteria for Employee Monitoring Practices in Light of ECHR Decision

Sep. 27, 2017

Deloitte Survey Shows Getting Skilled Cybersecurity Talent and Addressing Cyber Threats Among the Top Challenges for Financial Institutions

Sep. 13, 2017

Focus on Children’s Privacy by FTC and Plaintiffs Calls for Prioritizing COPPA

Aug. 23, 2017

Inside Advice on the Growing Cyber Insurance Market for the Financial Sector

Aug. 23, 2017

Implications and Analysis of the E.U.-Canada Data Sharing Agreement Rejection

Aug. 23, 2017

SEC Report Cites Cybersecurity Progress Along With Gaps in Training and Compliance

Aug. 9, 2017

What the Financial Sector Should Know to Recognize and Combat Cyber Threats (Part Two of Two)

Aug. 9, 2017

Nestlé Employee Convictions Highlight Interconnectivity of Chinese Data Privacy and Bribery Laws

Aug. 9, 2017

Identifying and Managing Third-Party Cybersecurity Risks for Asset Managers

Aug. 9, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part Two of Two)

Jul. 26, 2017

International Law Playing Cybersecurity Catch-Up (Part Two of Two)

Jul. 26, 2017

How the CCO Can Use SEC Guidance to Tackle Cyber Threats

Jul. 26, 2017

Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)

Jul. 12, 2017

Synthesizing New York and Colorado’s Trailblazing Data Security Regulations for Financial Firms

Jul. 12, 2017

Blockchain and the Financial Services Industry: Potential Impediments to Its Eventual Adoption (Part Three of Three)

Jul. 12, 2017

Navigating the Intersection of ERISA Fiduciary Duties and Cybersecurity Risk

Jun. 28, 2017

Three Takeaways From Congress’s Cross-Border Data Hearings

Jun. 28, 2017

Surveys Show Cyber Risk Remains High for Financial Services Despite Preventative Steps

Jun. 28, 2017

How Financial Service Providers Can Use Blockchain to Improve Operations and Compliance (Part Two of Three)

Jun. 14, 2017

Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It (Part One of Three)

Jun. 14, 2017

Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?

May 31, 2017

One Year Until GDPR Enforcement: Five Steps Companies Should Take Now

May 17, 2017

Tracking Data and Maximizing Its Potential

May 17, 2017

Executive Order on Cybersecurity Signed Amidst Massive Worldwide Ransomware Attack

May 3, 2017

Practical and Innovative Permissioning Within the Framework of Europe’s Upcoming Data Protection Regulations

May 3, 2017

SEC Officials Flesh Out Cybersecurity Enforcement and Examination Priorities (Part One of Two)

May 3, 2017

Infrastructure Cybersecurity Challenges: A View Through the Oil and Gas Pipeline Lens

May 3, 2017

European Data Protection Supervisor Offers Advice on Privacy Shield Review and GDPR Preparation

Apr. 19, 2017

Effective and Compliant Employee Monitoring (Part Two of Two)

Apr. 19, 2017

How to Ensure Cyber Risks Do Not Derail an IPO

Apr. 5, 2017

A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part Two of Two)

Apr. 5, 2017

Best Practices for Mitigating Compliance Risks When Investment Advisers Use Social Media

Apr. 5, 2017

Effective and Compliant Employee Monitoring (Part One of Two)

Mar. 22, 2017

A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part One of Two)

Mar. 8, 2017

What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations

Feb. 22, 2017

Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection

Feb. 22, 2017

Marsh and FireEye Take the Pulse of European Cybersecurity Climate

Feb. 8, 2017

How Fund Managers Can Prepare for Investor Cybersecurity Due Diligence

Feb. 8, 2017

Lessons From the Continued Uptick in HIPAA Enforcements

Feb. 8, 2017

Getting to Know the DPO and How to Adapt Corporate Structure to Comply With GDPR Requirements for the Role (Part Two of Two)

Jan. 25, 2017

Triaging Security Projects in the Current Legal Landscape

Jan. 25, 2017

Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation

Jan. 25, 2017

Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)

Jan. 25, 2017

FINRA Emphasizes the Importance of Proper Electronic Record Storage in Enforcement Actions

Jan. 11, 2017

Ten Cybersecurity Priorities for 2017

Jan. 11, 2017

FTC Priorities for 2017 and Beyond

Jan. 11, 2017

Privacy, Security Risks and Applicable Regulatory Regimes of Smart TVs

Jan. 11, 2017

The Sword of Damocles in the Information Age: How to Face the New Challenges Under the Chinese Cybersecurity Law

Dec. 14, 2016

Navigating Data Privacy Laws in Cross-Border Investigations

Dec. 14, 2016

Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity

Dec. 14, 2016

FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer

Dec. 14, 2016

Advice From Compliance Officers on Getting the C-Suite to Show You the Money for Your Data Privacy Program

Nov. 16, 2016

Navigating U.S. and E.U. Cybersecurity Requirements

Nov. 16, 2016

WilmerHale Attorneys Explain the Evolving Cybersecurity Environment of the Energy Sector

Nov. 2, 2016

Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty

Oct. 5, 2016

Examining Newly Released Privacy and Security Guidance for the Fast-Driving Development of Autonomous Cars

Oct. 19, 2016

SEC Emphasizes Protecting Information From More Than Just Cyber Threats in Deutsche Bank Case

Oct. 19, 2016

How the Financial Services Industry Can Handle Cybersecurity Threats, Acquisition Diligence and Breach Response

Oct. 5, 2016

FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms

Sep. 21, 2016

Managing Data Privacy Challenges While Conducting Due Diligence and Investigations in China (Part Two of Two)

Sep. 21, 2016

Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation

Sep. 7, 2016

Understanding Data Privacy and Cybersecurity in China (Part One of Two)

Sep. 7, 2016

Navigating Online Identity Management’s Risks and Regulations

Aug. 3, 2016

Is Pokémon Go Pushing the Bounds of Mobile App Privacy and Security?

Aug. 3, 2016

Procedures for Hedge Fund Managers to Safeguard Trade Secrets From Rogue Employees

Aug. 3, 2016

Second Circuit Quashes Warrant for Microsoft to Produce Email Content Stored Overseas

Jul. 20, 2016

Challenges Facing Chief Privacy Officers

Jul. 20, 2016

How the Financial Services Industry Can Manage Cyber Risk

Jul. 20, 2016

Key Requirements of the Newly Approved Privacy Shield

Jul. 6, 2016

Enforcing Consumer Consent: FTC Focuses on Location Tracking and Children’s Privacy

Jul. 6, 2016

Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow

Jul. 6, 2016

How Will Brexit Affect U.K. Data Protection and Privacy Laws?

Jun. 22, 2016

Morgan Stanley Action Signals SEC’s Continued Enforcement of Safeguards Rule

May 11, 2016

SEC Teaches Broker-Dealer a Lesson About Keeping Business Emails Secure

Apr. 27, 2016

Mitigating the Risks of Using Social Media in the Workplace

Apr. 27, 2016

Federal Judge Offers Advice on Litigating Data Privacy, Security Breach and TCPA Class Action Suits

Apr. 27, 2016

Designing Privacy Policies for Products and Devices in the Internet of Things

Apr. 13, 2016

Ten Steps to Minimize Data Privacy and Security Risk and Maximize Compliance

Mar. 30, 2016

Securing Connected Medical Devices to Ensure Regulatory Compliance and Customer Safety (Part One of Two)

Mar. 30, 2016

Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

Mar. 30, 2016

In-House and Outside Counsel Offer Strategies for Navigating the TCPA, Avoiding Litigation and Responding to Breaches

Mar. 16, 2016

Making Sense of Cybersecurity and Privacy Developments in the E.U.

Mar. 16, 2016

How Financial Service Providers Can Address Common Cybersecurity Threats

Mar. 2, 2016

Synthesizing Breach Notification Laws in the U.S. and Across the Globe

Mar. 2, 2016

Expert Advice on Newly Effective NFA Cybersecurity Requirements for Market Participants

Feb. 17, 2016

Deal Struck to Maintain the Transatlantic Data Flow

Feb. 17, 2016

HIPAA Privacy Rule Permits Disclosures to Firearm Background Check System

Feb. 17, 2016

White House Lays Out Its Broad Cybersecurity Initiatives

Feb. 17, 2016

Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part Two of Two)

Feb. 3, 2016

Safe Harbor 2.0 Agreement Reached

Feb. 3, 2016

Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part One of Two)

Jan. 20, 2016

Navigating FCA and SEC Cybersecurity Expectations (Part Two of Two)

Jan. 20, 2016

What OFAC’s New Cyber-Related Sanctions Regulations Mean for Companies

Jan. 20, 2016

The E.U.’s New Rules: Latham & Watkins Partner Gail Crawford Discusses the Network Information Security Directive and the General Data Protection Regulation

Jan. 6, 2016

Opportunities and Challenges of the Long-Awaited Cybersecurity Act of 2015

Jan. 6, 2016

Keeping Up with Technology and Regulatory Changes in Online Advertising to Mitigate Risks

Jan. 6, 2016

FTC Director Analyzes Its Most Significant 2015 Cyber Cases and Provides a Sneak Peek Into 2016

Jan. 6, 2016

How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)

Jan. 6, 2016

Cybersecurity and Whistleblowing Converge in a New Wave of SEC Activity

Jan. 6, 2016

Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)

Dec. 9, 2015

Year-End HIPAA Settlements May Signal More Aggressive Enforcement by HHS

Dec. 9, 2015

The Multifaceted Role of In-House Counsel in Cybersecurity

Dec. 9, 2015

How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Snapshot of the Regulatory Landscape (Part One of Two)

Nov. 11, 2015

What Companies Can Learn from Cybersecurity Resources in Pittsburgh

Nov. 11, 2015

New NFA Notice Provides Cybersecurity Guidance to Futures and Derivatives Market

Nov. 11, 2015

Liability Lessons from Data Breach Enforcement Actions

Nov. 11, 2015

California Law Enforcement Faces Higher Bar in Acquiring Electronic Information

Oct. 28, 2015

Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

Oct. 28, 2015

How the Department of Commerce Can Help Companies Address Cybersecurity and Corruption Concerns

Oct. 28, 2015

Privacy and Data Security Considerations for Life Sciences and Health Technology Companies (Part Two of Two)

Oct. 28, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

Oct. 28, 2015

Federal Courts Offer a Modern Interpretation of the VHS-Era Video Privacy Protection Act

Oct. 14, 2015

Dangerous Harbor: Analyzing the European Court of Justice Ruling

Oct. 14, 2015

Privacy and Data Security Considerations for Life Sciences and Health Technology Companies (Part One of Two)

Oct. 14, 2015

Mastercard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

Sep. 30, 2015

What the OCIE Cybersecurity Risk Alert Means for Investment Advisers and Broker-Dealers

Sep. 30, 2015

Investment Adviser Penalized for Weak Cyber Polices; OCIE Issues Investor Alert

Sep. 16, 2015

How the Legal Industry Is Sharing Information to Combat Cyber Threats

Sep. 16, 2015

Learning from the Target Data Breach About Effective Third-Party Risk Management (Part One of Two)

Aug. 26, 2015

Seeking Solutions to Cross-Border Data Realities

Aug. 26, 2015

FTC Weighs In on the Security of Health Care Data on the Cloud

Aug. 26, 2015

The Development of E-Currency and Its Potential Impact on the Future

Aug. 12, 2015

Navigating the Evolving Mobile Arena Landscape (Part Two of Two)

Aug. 12, 2015

Can an Employee Be Liable for Inadvertently Providing Security Details to a Fraudulent Caller?

Jul. 15, 2015

Understanding and Mitigating Liability Under the Children’s Online Privacy Protection Act

Jul. 1, 2015

SEC Commissioner Says Public-Private Partnership Is Key to Effective Cybersecurity

Jul. 1, 2015

Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part Two of Two)

Jul. 1, 2015

What Companies Need to Know About the FCC’s Actions Against Unwanted Calls and Texts

Jul. 1, 2015

Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)

Jun. 17, 2015

Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part One of Two)

Jun. 3, 2015

Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans

May 20, 2015

After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?

May 20, 2015

Analyzing and Mitigating Cybersecurity Risks to Investment Managers (Part Two of Two)

May 6, 2015

Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)

May 6, 2015

Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks

Apr. 22, 2015

Steps to Take Following a Healthcare Data Breach

Apr. 22, 2015

Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry

Apr. 8, 2015

ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data

Apr. 8, 2015

The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions

Most-Read Articles

Feb. 17, 2021
Big Questions for BIPA Case Law in 2021
- Biometrics
Feb. 10, 2021
What the New Information Security Reporting Standards Mean for Financial Institutions
- Financial Services Regulation
Jan. 13, 2021
Cybersecurity Resolutions for 2021
- Operations
Feb. 10, 2021
A Fake Zoom Invite Hack: What Happened and Three Lessons
- Phishing
Feb. 3, 2021
How to Prevent and Handle Disputes Over Ransomware Insurance Claims
- Cyber Insurance

Webinar on Getting a Handle on Vendor Contracts

On March 10, 2021, at 10:00 a.m. PST/1:00 p.m. EST the Cybersecurity Law Report and Sentinel LLP will co-host a webinar to delve into the challenges of a third-party risk management program from the controller’s perspective. Among other things, the panelists will discuss the legal and risk landscape, understanding who qualifies as a third party, keeping track of the universe of vendor contracts, important contract terms and ongoing compliance and monitoring. The program will feature Sentinel co-founder and President Aaron Weller and the Cybersecurity Law Report’s Senior Editor Jill Abitbol. To register for this complimentary program, please click here.

Cybersecurity Resolutions for 2021

In this quick take video, we talk about some of our cybersecurity resolutions for 2021.

H&M’s Data Protection Fine

In this short video, we discuss Germany’s highest GDPR fine so far in a case against H&M relating to their mishandling of sensitive employee data. The full article on the case is here.

CSLR Q3 Editorial Update

Register here to view the complimentary recording.

Apple App Privacy Policy Makes Waves

Summer 2020 Editorial Update

Register here to view the complimentary recording or here for an audio version.

CCPA and Third Parties

Editor-in-Chief Rebecca Hughes Parker discusses the California Attorney General’s final CCPA regulations and their effect on contracts with vendors in this video.