Features
Karun Mahadevan
&
Antonio Chelala
This two-part series summarizes modern security practices as advised by NIST’s latest guidelines, a framework that prioritizes proactive, resilient and user-friendly strategies. Part One of the series, published in last month’s issue, offered 10 must-know tips to improve personal cybersecurity; Part Two shares 10 tips to take your firm or organization’s security from good to great.
Features
Matthew Baker
&
Nick Palmieri
&
Justin Bryant
In a show of continuity between administrations, the Biden-era Executive Order 14117 — designed to restrict foreign access to Americans’ most sensitive personal data — has been allowed to take effect in the second Trump administration.The Department of Justice’s implementing regulation for this Order, finalized in late December 2024, became enforceable in April 2025.
Features
Matt Winlaw
In today’s digital-first business environment, legal departments are confronting an unprecedented escalation of risk. Cyberattacks are growing more frequent and sophisticated. Regulatory complexity is expanding across jurisdictions. And the pressure to respond quickly — without compromising accuracy or trust — is mounting.
Features
Brandon Hollinder
The wave of cyberattacks and data breaches has turned information governance from a compliance afterthought into a required business function. Yet, despite well-publicized threats and skyrocketing costs associated with cyber incidents, most companies remain both underinsured and fundamentally underprepared.
Features
Karun Mahadevan
&
Antonio Chelala
In the modern digital landscape, both personal and organizational cybersecurity are more critical than ever. This two-part series summarizes modern security practices as advised by the National Institute of Standards and Technology’s latest guidelines, a framework that prioritizes proactive, resilient and user-friendly strategies. Part one of the series offers 10 must-know tips for personal cybersecurity. Part Two will share 10 tips to take your firm/organization’s security from good to great.
Features
Ryan Steidl
While the amount of AI legislation introduced in various states is relatively limited, the scope of issues being legislated is quite broad. Despite the many uncertainties that remain to be clarified, there are actually many parallels between how data privacy laws took shape five years ago, and how AI legislation is developing today.
Features
Chris O'Malley
Chief information officers still bear the brunt of cybersecurity worries at many companies. But a study by the Association of Corporate Counsel Foundation finds that chief legal officers are increasingly taking a leadership role in cybersecurity strategy.
Features
Alec Koch
&
Carmen Lawrence
&
Aaron Lipson
&
Bill Johnson
When the SEC issues the next annual enforcement report for fiscal year 2025, we expect securities offering actions and investment adviser actions will almost certainly be up, and the “crypto” and “cyber” cases will almost certainly be down. Public statements by the new SEC administration have said as much, but even more telling than public statements are the allocation of limited enforcement resources.
Features
Peter Brown
As online platforms become more sophisticated, so do the tactics designed to manipulate user behavior. Among these, “dark patterns” have emerged as a particularly concerning phenomenon. This article explores the different types of dark patterns prevalent online, examines how they affect consumers and businesses, and analyzes the legal frameworks emerging to combat these practices in Connecticut the EU.
Features
Michael Bahar
&
Pooja Kohli
&
Rachel May
While change is a constant in the privacy, security and technology arena, 2025 is poised to be a landmark year. New technologies will continue to radiate through the economy — and our lives — while the new Trump Administration is likely to emphasize innovation over protection, reward maximization over risk minimization, and incentivizing over enforcing.
