Harvard Corporate Governance

AUGUST 17, 2023

The Securities and Exchange Commission (SEC) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure on July 26, 2023. Still, disclosure can seem a daunting prospect if your company’s cybersecurity program won’t withstand investor scrutiny. This post is based on their PwC memorandum.

Compliance 130

Compliance 130

Harvard Corporate Governance

SEPTEMBER 25, 2023

Although there is not one correct approach for overseeing AI risks, boards of companies that rely on AI for material products, services or operations (or relevant committee members) may want to consider receiving training on AI and associated risks, as well as management reports on the company’s use of AI.

Marketability 329

Marketability 329

Law 360 M&A

FEBRUARY 1, 2024

As law firms face ever-increasing risks of cyberattacks and ransomware incidents, the legal industry must implement robust cybersecurity measures and privacy-centric practices to preserve attorney-client privilege, safeguard client trust and uphold the profession’s integrity, says Ryan Paterson at Unplugged.

95

95

Harvard Corporate Governance

DECEMBER 30, 2022

Trust, Risk, and Opportunity: Overseeing a Comprehensive Data and Privacy Strategy. Tags: Cyber-risk , Cybersecurity , Data Governance , Data Privacy , Databases , Privacy. Posted by Maria Castañón Moats, Barbara Berlin, and Joseph Nocera, PricewaterhouseCoopers LLP, on Monday, December 26, 2022. Posted by Matthew C.

189

189

Cooley M&A

JULY 19, 2019

While some may view this as the ICO simply continuing to flex its muscle (in light of news of a £183M (approximately $123M) British Airways fine a day earlier), the Marriott fine and others likely to follow could have significant implications on future M&A transactions involving cybersecurity and data privacy matters.

Compliance 52

Compliance B2B Start-ups Marketability 52

Mckinsey and Company

SEPTEMBER 15, 2022

Consumer faith in cybersecurity, data privacy, and responsible AI hinges on what companies do today—and establishing this digital trust just might lead to business growth.

101

101

Law 360 M&A

JUNE 26, 2023

Attorneys are the weakest link in their firms' cyberdefenses because hackers often exploit the gap between individuals’ work and personal cybersecurity habits, but there are some steps lawyers can take to reduce the risks they create for their employers, say Mark Hurley and Carmine Cicalese at Digital Privacy & Protection.

75

75

Harvard Corporate Governance

MARCH 19, 2023

In recent years, however, these programs have become larger and more deeply integrated with companies’ core business strategies, including strategies for avoiding risks, such as those presented by gender and racial discrimination claims, the impacts of climate change, and cybersecurity and privacy gaps.

260

260

Harvard Corporate Governance

APRIL 22, 2022

Tags: Audit committee , Audits , Boards of Directors , Cybersecurity , ESG , Financial technology , Privacy , Risk , Risk management , Risk oversight.

Equity 205

Equity Marketability Technology 205

Law 360 M&A

APRIL 17, 2023

Allen & Overy LLP said Monday it is continuing to expand its presence stateside with the addition of a cybersecurity and privacy expert as a new partner to lead the firm's U.S. privacy and data security practice based out of its Silicon Valley office.

52

52

Mckinsey and Company

SEPTEMBER 13, 2022

Consumer faith in cybersecurity, data privacy, and responsible AI hinges on what companies do today—and establishing this digital trust just might lead to business growth.

71

71

John Jenkins

JULY 9, 2023

The intro to the guide explains that screening activities have expanded in many jurisdictions to cover considerations related to cybersecurity, consumer protection, data privacy, supply chain and strategic sectors, and governments are increasingly willing […]

56

56

Deal Law Wire

JULY 13, 2023

Some important advice for companies looking to purchase AI in a recent Lexpert article authored by our Head of Technology and Co-Head of Information Governance, Privacy and Cybersecurity Imran Ahmad , Associate Roxanne Caron , and Associate Suzie Suliman.

Technology 52

Technology 52

Sun Acquisitions

MARCH 20, 2024

Cybersecurity Due Diligence As technology advances, the importance of cybersecurity in M&A transactions also increases. Buyers must assess the target company’s cybersecurity posture to identify potential vulnerabilities and risks. Technology is undeniably transforming the landscape of mergers and acquisitions.

Technology 59

Technology Compliance Marketability 59

Audit Board

JUNE 30, 2023

Cybersecurity The U.S. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies. Department of Labor (DOL) has announced new cybersecurity guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA).

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

Cybersecurity The U.S. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies. Department of Labor (DOL) has announced new cybersecurity guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA).

Compliance 52

Compliance 52

Law 360 M&A

MAY 13, 2022

Jenner & Block LLP has added seven partners to the leadership of its data privacy and cybersecurity, corporate and professional responsibility practices, the firm announced Thursday.

52

52

Harvard Corporate Governance

AUGUST 26, 2022

Tags: Coinbase , Cryptocurrency , Cybersecurity , Insider trading , Liability standards , SEC , SEC enforcement , Securities enforcement , Securities regulation.

218

218

Audit Board

OCTOBER 26, 2023

In an era where cyber threats are omnipresent, businesses and individuals are investing heavily in cybersecurity insurance to safeguard against potential financial losses. However, cybersecurity insurance policies are not a foolproof method for transferring risk. What Is Cybersecurity Insurance?

Compliance 52

Compliance 52

Deal Law Wire

AUGUST 3, 2022

A few key areas to consider while conducting due diligence for an AI Transaction include data, cybersecurity, privacy, and intellectual property rights. Cybersecurity and Privacy. It is also important to note that legislation governing data privacy may soon change.

Technology 52

Technology Compliance 52

Audit Board

SEPTEMBER 29, 2023

In addition to financial penalties and disruption to the business, cybersecurity breaches cause reputational damage that can seriously harm the business. In addition, escalating IT compliance risk — exemplified by the recent passage of the SEC’s new cybersecurity disclosure rules in the U.S.

Compliance 52

Compliance Technology Finance Marketability 52

Audit Board

JANUARY 4, 2023

The United States is trying to catch up with the global data privacy laws passed in recent years. has struggled to pass its version called the American Data Privacy and Protection Act (ADPPA). Passing separate privacy laws is creating compliance issues for companies based or doing business in these states.

Compliance 52

Compliance B2B 52

ThomsonReuters

APRIL 22, 2021

EBSA: Cybersecurity Program Best Practices; Tips for Hiring a Service Provider With Strong Cybersecurity Practices; Online Security Tips; News Release (Apr. A news release indicates that this is the first time EBSA has issued cybersecurity guidance. Best Practices. Hiring Tips. Online Tips. News Release. Hiring Tips.

Compliance 92

Compliance 92

Audit Board

AUGUST 28, 2022

Investing in your team’s skills and professional development via privacy education and certifications can help your company create a sustainable competitive differentiator while also retaining key individuals. . Why Invest in Privacy Education for Your InfoSec Team? Six Top Privacy Certifications. private sector.

Technology 52

Technology Compliance Marketability 52

M&A Leadership Council

AUGUST 24, 2023

The Art of M&A® / Due Diligence: Detecting Cybersecurity Risk An excerpt from The Art of M&A, Fifth Edition: A Merger, Acquisition, and Buyout Guide by Alexandra Reed Lajoux Editor’s Note: A growing number of M&A professionals are pursuing the Certified M&A Specialist , or CMAS ® credential.

Mergers & Acquisitions 52

Mergers & Acquisitions Technology 52

ThomsonReuters

FEBRUARY 4, 2021

HHS’s Office for Civil Rights (OCR) has issued a report describing its 2016–17 audit program, which reviewed covered entities’ and business associates’ compliance with certain HIPAA privacy, security, and breach notification rules (see our Checkpoint article ). Few covered entities complied with individual access rights.

Compliance 52

Compliance 52

ThomsonReuters

MARCH 16, 2023

EBIA Comment: The reports include important data from the HIPAA complaints investigated, highlight areas of noncompliance, and provide insights into trends such as cybersecurity readiness. Contributing Editors: EBIA Staff.

Compliance 59

Compliance 59

John Jenkins

SEPTEMBER 9, 2022

This Norton Rose Fulbright blog provides an overview of the data, cybersecurity & privacy, and intellectual […] But like any emerging technology, the use of AI in a target’s business raises a bunch of issues that buyers need to address during the due diligence process.

Technology 40

Technology 40

Harvard Corporate Governance

JULY 22, 2022

Tags: Antitrust , Corporate Social Responsibility , Cybersecurity , ESG , GDPR , Privacy , Risk disclosure , Social media , Tech companies.

Marketability 205

Marketability 205

Reynolds Holding

DECEMBER 4, 2022

A new and potentially significant tool in regulatory enforcement is emerging for executives whose companies suffer a cybersecurity incident. Instead, where their actions—or inaction—related to cybersecurity are deemed egregious, company executives may be held personally liable. [2] million consumers’ personal information. [1].

Finance 45

Finance Technology Marketability 45

Audit Board

JUNE 15, 2023

In the field of cybersecurity, risk management, and compliance, there are a collection of acronyms that you’ll hear often enough. This article will discuss NIST in detail, focusing on the NIST Cybersecurity Framework , or NIST CSF. The NIST CSF has five central functions: Identify, Protect, Detect, Respond, and Recover.

Technology 52

Technology Compliance Start-ups Finance 52

ThomsonReuters

JUNE 23, 2022

In addition to the HIPAA security rule, the SRA Tool draws from several sources, including publications issued by the National Institute of Standards and Technology (NIST), the NIST cybersecurity framework (see our Checkpoint article ), and—new for this version—Technical Volume 1 of the Health Industry Cybersecurity Practices (HICP).

Compliance 98

Compliance Technology 98

John Jenkins

MARCH 21, 2022

This Proskauer blog discusses how the EU’s robust enforcement of cybersecurity and privacy regulations are increasing the risk of liability to PE fund sponsors & corporate parents for activities of their portfolio companies and subsidiaries.

40

40

ThomsonReuters

NOVEMBER 23, 2022

October 2022 OCR Cybersecurity Newsletter: HIPAA Security Rule Security Incident Procedures (Oct. OCR has released its latest cybersecurity newsletter on the importance of having policies and procedures to detect and respond to security incidents. Available at [link]. 6 (“Standard: Security Incident Procedures”).

Compliance 52

Compliance 52

ThomsonReuters

AUGUST 11, 2022

When developing security measures consistent with these implementation specifications, you may wish to consider the Health Industry Cybersecurity Practices (HICP) developed by a task group convened by HHS. In technical volumes, the HICP identifies “best practices” to mitigate security threats.

97

97

ThomsonReuters

JUNE 8, 2023

Indeed, the HHS press release cautions HIPAA covered entities and their business associates to “improve their efforts” to identify, deter, protect against, detect, and respond to cybersecurity threats and malicious actors.

Compliance 52

Compliance 52

ThomsonReuters

APRIL 15, 2021

EBIA Comment: Although this case involved identity theft, the court’s analysis did not specifically address cybersecurity standards. For more information, see EBIA’s 401(k) Plans manual at Sections XII.L (“Account Theft and Cybersecurity”) and XXIV.G.2 2 (“Selecting and Monitoring Service Providers”). Contributing Editors: EBIA Staff.

Banking 52

Banking 52