T his year, the compliance landscape is shifting on multiple fronts. Seven new U.S. state-level privacy laws are taking effect, the U.S. Department of Health and Human Services is proposing major changes to HIPAA—the most significant since 2013, and the EU AI Act is introducing sweeping new governance requirements for Read More
The Consumer Financial Protection Bureau announced that it has sued Bank of America, JPMorgan, Wells Fargo, and the operator of Zelle, Early Warning Services, for failing to protect consumers from widespread fraud. Zelle is America’s most widely available payment network. According to the lawsuit, customers of the three banks have Read More
W e all know about the great migration to “work from home” that occurred during COVID-19 pandemic starting in 2020 and lasting into 2021 and 2022. While many organizations have moved employees back to the office for some or part of the work week, the remote work movement has remained Read More
I t has been said that if a butterfly flaps its wings in the Serengeti, it can change the climate half a world away. Similarly, if an EU regulator enacts regulation in the EU Commission, it can have a major impact as far away as the United States. We saw Read More
T he Securities and Exchange Commission has charged four public companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The charges against the four companies—Unisys, Avaya, Check Point Software, and Mimecast—result from an investigation involving public companies impacted by the compromise of SolarWinds’ Orion software. The SEC also Read More
T he U.S. Department of Defense issued final rules for its Cybersecurity Maturity Model Certification (CMMC) Program, which is indented to ensure that defense contractors meet standards for safeguarding sensitive information. The CMMC Program aligns with the DoD’s existing information security requirements for private sector defense contractors. It is designed Read More
The Securities and Exchange Commission announced that it settled charges against New York-based registered transfer agent Equiniti Trust Company LLC, , for failing to assure that client securities and funds were protected against theft or misuse. Those failures led to the loss of more than $6.6 million of client funds Read More
After having nearly all of its customers’ records breached, AT&T is facing a class action lawsuit alleging that the cellular company failed to implement adequate cybersecurity procedures and protocols. The class action is taking place in Texas, Montana and New Jersey federal courts. The lawsuit arises out of an incident Read More
According to a 2024 Cybersecurity Benchmarking Survey, 45 percent of surveyed compliance personnel from asset management, investment adviser and private market firms have expressed concerns about how the Securities and Exchange Commission (SEC) will enforce its newly developed cybersecurity rules. The ACA Group and National Society of Compliance Professionals released Read More
The U.S. Department of Health and Human Services announced a $100,000 settlement with Doctors’ Management Services for failures to determine the potential risks and vulnerabilities to electronic protected health information after a cyberattack exposed the information of more than 200,000 patients. It is notable in that it is the first Read More
