Photo of Catherine Castaldo

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy.Continue Reading Cybersecurity preparedness: What guidance to follow?

On 26 November 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), together with the UK’s National Cyber Security Centre (NCSC), published joint ‘Guidelines for Secure AI System Development’ (the Guidelines).

The Guidelines were formulated by CISA and the NCSC, in cooperation with 21 other international agencies and ministries, as well as industry experts.Continue Reading UK & US cybersecurity agencies release new ‘Guidelines for Secure AI System Development’

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day.

What’s new in data protection in the EU

It has been a busy few weeks in the EU for all things data protection, particularly data transfers. Cynthia O’Donoghue and Andy Splittgerber walk us through the new Standard Contractual Clauses (SCCs) for international transfers and for controllers to processors, the newly issued EDPB Supplementary Measures Recommendations, and the UK adequacy decision. (18 mins)

M365 in 5: Compliance and governance in M365

E-Discovery consultant Lighthouse returns to our M365 in 5 series for a discussion about the importance of compliance and governance in M365 and collaboration among stakeholders to balance risk and business needs. Reed Smith’s Anthony Diana and Therese Craparo join Lighthouse’s John Holliday to discuss implementing controls and managing data to mitigate risk. (8 mins)Continue Reading Tune in for the latest updates on our Tech Law Talks podcast

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day.

On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data

A new proposed federal rule, “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers,” could impose accelerated notification requirements on banking organizations and their service providers when notification incidents (as defined in the proposed rule) occur.

The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal