As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel must navigate a rapidly evolving landscape of legal and regulatory requirements. This National Privacy Day, it’s crucial to spotlight emerging issues in workplace technology
Cybersecurity
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data. These situations can severely impact a business, especially when departing employees abscond with confidential business information or trade secrets. Focusing on how the theft…
FAQs for Schools and Persons Affected By the PowerSchool Data Breach
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50 million students in the United States. According to reports, PowerSchool informed customers that, on December 28, 2024, PowerSchool became aware of…
AI versus MFA
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find multifactor authentication (MFA) at or near the top of every list. Government agencies responsible for helping to protect the U.S. and its information systems and assets…
Israel’s GDPR-like Legislation Set to Take Effect in 2025
In 2024, Israel became the latest jurisdiction to enact comprehensive privacy legislation, largely inspired by the EU’s General Data Protection Regulation (“GDPR”). On August 5, 2024, Israel’s parliament, the Knesset, voted to approve the enactment of Amendment No. 13 (“the Amendment”) to the Israel Privacy Protection Law (“IPPL”). The amendment which will take effect on…
Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks. Perhaps the most significant reason these risks remain: third-party service providers or vendors.
For most businesses, particularly small to medium-sized businesses, service providers…
Failure to Safeguard, Two Cyber Intrusions, and an $850,000 SEC Settlement
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use. Failure to comply with such obligations can lead to significant financial and reputational harm.
In a recent settlement agreement with the SEC, a New York-based registered transfer agent, Equiniti Trust Company LLC, formerly known as American Stock Transfer &…
Exploring AI Risks Reported in SEC Filings Can Be Helpful For Many Organizations, Including SMBs
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address the specific risks identified in those SEC filings. We discuss them briefly here as they are risks…
DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release…
Think About Why Fortune 500 Companies Are Citing AI Risks in Their SEC Filings
While the craze over generative AI, ChatGPT, and the fear of employees in the professions landing on breadlines in the imminent future may have subsided a bit, many concerns remain about how best to use and manage AI. Of course, these concerns are not specific to Fortune 500 companies.
A recent story in CIODive reports…