Compliance, Enforcement, and Risk Management Posts

Strategies for Complying With Privacy Laws While Collecting Employee Information Regarding the Coronavirus

, , and

Most companies must collect and use information about their employees’ travel plans and health conditions to protect their workforce from the spread of coronavirus disease 2019 (“COVID-19”). This memorandum addresses strategies for U.S. companies to comply with various privacy laws in connection with these activities.

What the Last Year of Cyber Enforcement Tells Us About the FTC’s Compliance Expectations


With 2019 coming to a close, we wanted to take a look at what can be learned from the FTC’s cybersecurity enforcement actions this year. As we have previously noted, the FTC came under criticism last year in the LabMD decision for not providing companies with sufficient clarity as to what it expects in terms of their cybersecurity measures.

DOJ Announces Revised Export Control and Sanctions Enforcement Policy for Companies, Including Financial Institutions

, , , , , , , , and

On December 13, the U.S. Department of Justice’s National Security Division announced a new policy designed to encourage business organizations to make voluntary self-disclosures to the DOJ in connection with potentially willful export control and economic sanctions violations.

Another Look at Third-Party Management: Why We’re Missing 31% of Material Risks

Privacy regulators increasingly are prescribing rules around third-party vendor and data processing management. As of March 1, 2019, for instance, New York’s Department of Financial Services (NYDFS) requires that Covered Entities establish policies and procedures for assessing the risks posed by vendors, determining minimum cybersecurity and privacy practices, conducting due diligence, and following up with periodic assessments.