Blog, Compliance and Due diligence - Legal Tech Connection

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

Debevoise Data Blog

MAY 28, 2025

On April 11, 2025, shortly after the first effective date of the DSP the National Security Division (NSD) of DOJ issued asuite of three policy and guidance documents to facilitate compliance with the DSP, including a 90 day civil enforcement safe harbor for good-faith compliance. Intelligence Community.

Compliance

Compliance Due diligence Time-tracking Federal law

GDPR Considerations When Developing and Deploying AI Models: The EDPB’s Opinion on Compliance

Debevoise Data Blog

APRIL 14, 2025

The Opinion provides high-level views and considerations for DPAs to apply when assessing GDPR compliance associated with developing or deploying AI models, and provides a helpful indication on the EDPBs thought trajectory. Undertaking due diligence on the AI model/system providers data protection compliance.

Compliance

Compliance Due diligence Data protection Defendant

The European Union’s Digital Services Act: In Force from This Saturday, February 17, 2024, Including for U.S. Intermediaries (Guest Blog Post)

Eric Goldman

FEBRUARY 15, 2024

Marketa Trimble [Eric’s introductory note: I briefly addressed the DSA in this blog post , along with the attached meme. The application of some DSA provisions will likely be tested with respect to their compliance with the EU Charter of Fundamental Rights , such as the “crisis response mechanism” under DSA Article 36.

Due diligence

Due diligence Data protection Compliance Court

Webinars

Prep with Purpose: How to Build Better Trial Binders

MORE WEBINARS

Exploring the Future of Legal Innovation at The Masters Conference: Thought Leadership in D.C. and Social Media in Discovery and Investigations

CloudNine

APRIL 15, 2025

For this blog, Im focusing on the session that explored the power and process of social media collection and analysis, which stood out as particularly timely and impactful. The session on social media was titled Unlocking Social Media Data, sponsored by SMI Aware, and examined the investigative value of social media evidence.

e-discovery

e-discovery Due diligence e-filing Compliance

Part 2 – Helpful Guidance on Managing (Non-Cybersecurity) AI Risks from Hong Kong’s SFC

Debevoise Data Blog

NOVEMBER 21, 2024

Cross-Functional Approach: Senior management should ensure that responsible staff from the business, risk, compliance and technology functions can effectively manage the LC’s adoption and implementation of AI LMs by possessing the relevant competence in AI, data science, model risk management, and domain expertise.

Compliance

Compliance Due diligence Law Law

FTC’s Consent Order Against Marriott: Expectations for Reasonable Security

Debevoise Data Blog

JANUARY 30, 2025

In this blog post, we discuss key provisions in the Consent Order, which not only underscore the FTCs expectations for (and enforcement of) reasonable security practices in the absence of specific regulations but also highlight the added compliance burden that companies may face in an enforcement action. For instance, the U.S.

Due diligence

Due diligence Compliance Software Attorney

Streamlining Procurement: How RFPs Benefit Corporate Legal Teams and Law Firms

MatterSuite

JUNE 19, 2023

Legal RFPs help evaluate and select service providers based on expertise, experience, geographic reach, pricing, and compliance. In this blog post, we’ll discuss the benefits of RFPs for legal teams and firms for effective procurement. This process eliminates the need for lengthy discussions and negotiations, which saves time.

Law firm

Law firm Due diligence Compliance Law

Top 10 (Well, 11) Cybersecurity Blog Posts for 2024

Debevoise Data Blog

DECEMBER 10, 2024

As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already a Blog subscriber, click here to sign up. Although compliance is voluntary, the Framework is increasingly used by regulators like the FTC and SEC as a benchmark for cybersecurity maturity.

Compliance

Compliance Due diligence Law Law

European Data Protection Roundup – January 2025

Debevoise Data Blog

FEBRUARY 28, 2025

The Italian DPA opened an investigation into DeepSeek for possible GDPR non-compliance associated with its AI chatbot services data collection and processing activities. UK ICO acts on cookie compliance. DeepSeek investigated by Italian DPA over AI chatbot data collection practices.

Data protection

Data protection Compliance Due diligence Time-tracking

Helpful Guidance on Managing AI-Related Cybersecurity Risks from Hong Kong’s SFC

Debevoise Data Blog

NOVEMBER 18, 2024

It addresses both AI-related cybersecurity risks, which we cover in this blog post, and other AI governance and operational risks, which we will cover in an upcoming post. The authors would like to thank Debevoise Law Clerks Diane Bernabei and Adam Shankman for their contribution to this blog post.

Intellectual Property

Intellectual Property Due diligence Compliance Machine learning

PCI Compliance for Law Firms: A Comprehensive Guide

MatterSuite

MAY 25, 2023

PCI compliance, which stands for Payment Card Industry Data Security Standard, is a set of security standards designed to protect cardholder data and ensure secure payment card transactions. Consequently, law firms may handle payment card information, making PCI compliance essential.

Compliance

Compliance Law firm Law Law

The SEC’s New Risk Alert Warns about the Use of Alternative Data

Debevoise Data Blog

MAY 1, 2022

On April 26, 2022, the Division of Examinations (“EXAMS”) of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert titled “ Investment Adviser MNPI Compliance Issues ” (“Risk Alert”) on the use of alternative data.

Due diligence

Due diligence Failure-to-appear Compliance Law

Managing Legal Risks: Strategies for In-House Legal Counsel

MatterSuite

JULY 31, 2023

This blog post explores strategies for in-house legal counsel to manage legal risks effectively and safeguard the interests of organizations. By staying informed, legal counsel can identify potential risks and take proactive measures to ensure compliance. Integrate compliance efforts effectively into the company’s operations.

Due diligence

Due diligence Intellectual Property Compliance Data protection

Managing Legal Risks: Strategies for In-House Legal Counsel

MatterSuite

JULY 9, 2023

This blog post explores strategies for in-house legal counsel to manage legal risks effectively and safeguard the interests of organizations. By staying informed, legal counsel can identify potential risks and take proactive measures to ensure compliance. As companies face increasing regulatory scrutiny and potential legal challenges.

Due diligence

Due diligence Intellectual Property Compliance Data protection

Harnessing AI in Transactional Legal Work

Clio

FEBRUARY 21, 2025

From contract drafting to due diligence and deal efficiency, AI helps lawyers complete transactional legal tasks faster and more efficiently. Is keeping up with due diligence document review taking up a lot of staff time? AI wont replace transactional lawyers, but it is transforming how they work.

Due diligence

Due diligence Legal research Law firm Practice management

EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards

Inside Privacy

DECEMBER 5, 2023

For an overview of NIS 2, see our blog here. For an overview of the Cyber Resilience Act, see our blog here. For an overview of this scheme, see our blog here. As with most recent European technology regulation, the Cyber Resilience Act will come with the threat of high penalties for non-compliance – up to €15 million or 2.5%

Due diligence

Due diligence Compliance Law Law

The EU’s Cyber Resilience Act Has Now Been Agreed

Inside Privacy

DECEMBER 1, 2023

Conducting due diligence on imported PDEs. As with most recent European technology regulation, the CRA will come with the threat of high penalties for non-compliance – up to €15 million or 2.5% Notifying severe security incidents to ENISA, the relevant national cybersecurity authority, and users of the PDE. of global turnover.

Due diligence

Due diligence Software Compliance Law

AI and Its Impact on the Legal Industry

MatterSuite

JULY 4, 2023

In this blog, we will embark on a captivating journey to explore the profound impact of AI on the legal industry, unveiling its benefits and shedding light on the potential challenges it presents. This can save lawyers substantial time and effort in conducting legal research and due diligence.

Due diligence

Due diligence Machine learning e-discovery Legal research

Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations

Debevoise Data Blog

SEPTEMBER 20, 2021

To the extent that the data sets are being generated internally or scraped from the public Internet, make sure that there are policies and procedures to confirm regulatory compliance with contractual, IP and privacy obligations that may limit the use of that data. To subscribe to the Data Blog, please click here.

Due diligence

Due diligence Compliance Analytics Law

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

3 Geeks and a Law Blog

JULY 11, 2023

Leib notes SessionGuardian’s solution addresses risks beyond eDiscovery and source code review, including data breach response, M&A due diligence, and outsourced call centers. He announces SessionGuardian will offer free CLE courses on cybersecurity awareness and compliance. That’s an obvious one.

Law firm

Law firm Time-tracking Due diligence Attorney

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

Debevoise Data Blog

OCTOBER 4, 2021

In this Part 2, we discuss the measures that financial institutions can adopt to mitigate their ransomware sanctions risks, and why those compliance controls differ from the steps being taken by victims. These reviews can help determine which areas of the bank’s business may require heightened consideration for sanctions compliance.

Due diligence

Due diligence Compliance Data protection Law

Navigating Rapid Change: How AI Empowers Legal Teams to Stay Ahead

MatterSuite

AUGUST 28, 2023

This blog examines AI’s impact on the legal field, empowering legal teams to lead. AI can swiftly identify key terms, potential risks, and inconsistencies in contracts, thereby aiding lawyers in negotiations and due diligence. The legal sector is no exception to this rule. It also underscores the role of legal tech.

Due diligence

Due diligence Machine learning Analytics Dispute resolution

The State of State Law Cybersecurity Requirements

Debevoise Data Blog

SEPTEMBER 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. In this Debevoise Data Blog post, we examine the general cybersecurity obligations under state law, including common themes and recent developments. These states are included in a table at the end of this blog post. Compliance with an Industry Framework.

State law

State law Law Law Compliance

AI Tools for Law Firm Lead Generation

Martindale-Avvo

JUNE 7, 2024

LexBlog Lou AI Back on the marketing front, the Lou AI tool from LexBlog gives lawyers an edge when they are developing blog content. Unlike practice area pages, which commonly remain static for months or years, blog content needs constant updating. This is a time-consuming process that often strains a lawyer’s creative energies.

Law firm

Law firm Law Law Due diligence

Navigating Legal Factors for U.S. Companies Entering the E-commerce Market in Africa

Richmond Journal of Law and Technology

MAY 2, 2023

This blog post delves into the legal considerations that contribute to the success of e-commerce in different African countries and recommends suitable entry points for businesses entering the e-commerce market. This is because complying with the legal requirements of one country in the group ensures compliance with all others.

Data protection

Data protection Compliance Due diligence Law

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. We recommend using Clio’s Cloud Computing Due Diligence Checklist. As a reminder, law firms should always do their own due diligence and choose a tool that is best for their firm’s needs. Another bonus? Signal is free.

Law firm

Law firm Law Law Due diligence

You Can’t Have Legal GRC Optimisation Without Data Management Improvement?

Legal Tech Blog

DECEMBER 8, 2022

While these are necessary to help reduce complacency towards internal data protection compliance and ensure organisations actively work to reduce their exposure, it isn’t always easy for companies to align. Further, in the case of legal, some data needs to be kept on record for set lengths of time to ensure compliance.

e-discovery

e-discovery Machine learning Compliance Due diligence

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Debevoise Data Blog

OCTOBER 31, 2023

This could impact financial firms who are considering using the EU AI Act as their ‘high watermark’ for AI regulatory and governance compliance, who will have to accommodate any UK-specific requirements in their compliance programmes. The cover art used in this blog post was generated by DALL-E.

Compliance

Compliance Due diligence Machine learning Data protection

Change Management for Corporate Legal Departments

MatterSuite

OCTOBER 13, 2023

In this blog, we’ll explore some best practices and insights on change management for corporate legal departments, drawing from reputable sources like Thomson Reuters, Bloomberg Law , Argopoint, and Harvard Law School. Compliance and Risk Management In the legal field, compliance and risk management are paramount.

Compliance

Compliance Due diligence Time-tracking Legal technology

The FTC’s Proposed Rulemaking Part 3 — Key Data Security Takeaways

Debevoise Data Blog

AUGUST 29, 2022

To prepare for potential FTC rulemaking regarding data security, businesses should continue to develop FTC compliance programs – including reasonable security safeguards and cybersecurity programs – by evaluating the FTC’s recent actions and guidance. In Part 3 of our Data Blog series, we focus on the FTC ANPR as it relates to data security.

Due diligence

Due diligence Compliance Software State law

Continuing Legal Education (CLE) Requirements: Guide for Lawyers

MatterSuite

JANUARY 14, 2024

This blog will help you to gain insights and understanding its significance for lawyers, and gaining insights into the specific requirements that shape this ongoing educational commitment. Opting for courses from reputable providers not only ensures compliance but also enhances the overall quality of the learning experience.

Legal education

Legal education Lawyer Compliance Time-tracking

Continuing Legal Education (CLE) Requirements: Guide for Lawyers

MatterSuite

JANUARY 14, 2024

This blog will help you to gain insights and understanding its significance for lawyers, and gaining insights into the specific requirements that shape this ongoing educational commitment. Opting for courses from reputable providers not only ensures compliance but also enhances the overall quality of the learning experience.

Legal education

Legal education Lawyer Compliance Time-tracking

The Future of AI Regulation (Part 4): 24 Ways That Companies Can Reduce Their Regulatory and Reputational AI Risks

Debevoise Data Blog

MAY 6, 2021

Documentation— Maintain accurate records and proper documentation on algorithms used for decision-making, including risk assessments, training, data testing, and output logs to ensure compliance with applicable regulatory record-keeping obligations. Conduct periodic audits of the company’s compliance with its AI policies.

Compliance

Compliance Due diligence Time-tracking Defendant

Overview of Tamil Nadu’s new Anti-Gambling Law and its interplay with the recently amended IT Rules governing online gaming

Ikigai Law

MAY 9, 2023

They also mandate online gaming intermediaries to comply with due diligence requirements and provide for a self-regulation framework for online gaming intermediaries offering online real money games. The blog provides an overview of the TN Act and highlights the interplay between the TN Act and the IT Rules.

Due diligence

Due diligence Law Law Court

CPRA Rulemaking Is Underway – Getting Ahead of Enforcement Risks

Debevoise Data Blog

JULY 28, 2022

This post is the first in a planned series of blog posts addressing the CCPA rulemaking and key issues reverberating from the stakeholder and informational sessions, as well as important updates from the notice and comment period. Documenting procedures is crucial from both a compliance and enforcement perspective. Revise Contracts.

Due diligence

Due diligence Compliance Attorney Law

The EU Digital Operational Resilience Act (DORA): What you need to know and how to prepare

Debevoise Data Blog

NOVEMBER 21, 2022

In this Debevoise Data Blog post, we explore which entities are DORA-covered, its key provisions, and steps that businesses should consider to prepare for the new regime. What are the penalties for non-compliance? When does it come into force? What are the key requirements for financial entities? What can you do now?

Compliance

Compliance Due diligence Analytics Software

Ireland’s Legal Tech Conference Will Take Place on 29th November

Legal Tech Blog

NOVEMBER 17, 2022

Great news for business efficiency, but is it bad news for those charged with collecting data for litigation, investigations, and compliance? Der Beitrag Ireland’s Legal Tech Conference Will Take Place on 29th November erschien zuerst auf Legal Tech Blog.

Legal tech

Legal tech Legal tech Dispute resolution Due diligence

Josh Blandi

Colin S. Levy

MARCH 7, 2023

Whether it’s matter or practice management platforms, legal research platforms, contract lifecycle management platforms, or investigation and due diligence platforms, the legal world can be complex, and platforms allow for the complex nature of legal work to be streamlined through better process flows and automation technologies.

Due diligence

Due diligence Machine learning Court Litigation

European Data Protection Roundup – November

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. To subscribe to the Data Blog, please click here. The ban follows recent public sector scandals involving the use of facial recognition technology. Allen, Melyssa Eigen, David Z.

Data protection

Data protection Due diligence Compliance Hearing

Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence

Debevoise Data Blog

OCTOBER 14, 2021

For example, the testing, oversight and transparency required for AI that is being used for things like anti-money laundering, sanctions compliance, or cybersecurity is very different than for investment products or robo-advising. This is why the Report talks a lot about “proportionality”—or a risk-based approach—to AI regulation.

Machine learning

Machine learning Compliance Due diligence Law

Embracing Human-Tech Interoperability

Colin S. Levy

JUNE 5, 2024

Furthermore, maintaining compliance with legal standards and regulations when integrating technology requires meticulous planning and oversight to avoid potential legal pitfalls. Adopting advanced technology in legal practices often encounters human skepticism or resistance.

Paralegal

Paralegal Due diligence Contract management Time-tracking

The SEC Adopts Significant Cybersecurity Amendments to Reg S-P

Debevoise Data Blog

MAY 17, 2024

Firms will have either 18 or 24 months (depending on size) from the date of publication in the Federal Register to come into compliance. We discuss Reg S-P’s new and expanded requirements, as well as considerations for compliance, below. Takeaways Review and Update Policies and Procedures for Upcoming Compliance Dates.

e-records

e-records Compliance e-filing Due diligence

What the GDPR Can Tell Us About State Privacy Laws

Debevoise Data Blog

NOVEMBER 22, 2022

This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs. While the State Privacy Laws do not specifically require consent records to be maintained, it is good practice to evidence compliance with the law.

Data protection

Data protection Law Law Compliance

Love and Legal Tech – Jillian Bommarito and Michael Bommarito of 273 Ventures

3 Geeks and a Law Blog

MARCH 12, 2024

Jill, one of the world’s first certified AI auditors, brings her expertise in compliance and risk management to ensure that the models are built ethically and in accordance with legal standards. Jillian Bommarito 23:22 Yeah, you know, thinking about compliance and risk, generally, this kind of fit nicely into it.

Legal tech

Legal tech Legal tech Hearing Time-tracking

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

GDPR Considerations When Developing and Deploying AI Models: The EDPB’s Opinion on Compliance

Webinars

Trending Sources

The European Union’s Digital Services Act: In Force from This Saturday, February 17, 2024, Including for U.S. Intermediaries (Guest Blog Post)

Webinars

Exploring the Future of Legal Innovation at The Masters Conference: Thought Leadership in D.C. and Social Media in Discovery and Investigations

Part 2 – Helpful Guidance on Managing (Non-Cybersecurity) AI Risks from Hong Kong’s SFC

FTC’s Consent Order Against Marriott: Expectations for Reasonable Security

Streamlining Procurement: How RFPs Benefit Corporate Legal Teams and Law Firms

Top 10 (Well, 11) Cybersecurity Blog Posts for 2024

European Data Protection Roundup – January 2025

Helpful Guidance on Managing AI-Related Cybersecurity Risks from Hong Kong’s SFC

PCI Compliance for Law Firms: A Comprehensive Guide

The SEC’s New Risk Alert Warns about the Use of Alternative Data

Managing Legal Risks: Strategies for In-House Legal Counsel

Managing Legal Risks: Strategies for In-House Legal Counsel

Harnessing AI in Transactional Legal Work

EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards

The EU’s Cyber Resilience Act Has Now Been Agreed

AI and Its Impact on the Legal Industry

Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations

Cybersecurity in the Remote Work Era: AI, Employees and an Integrated Defense – With SessionGuardian’s Jordan Ellington and Oren Leib, and Katten’s Trisha Sircar (TGIR Ep. 211)

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

Navigating Rapid Change: How AI Empowers Legal Teams to Stay Ahead

The State of State Law Cybersecurity Requirements

AI Tools for Law Firm Lead Generation

Navigating Legal Factors for U.S. Companies Entering the E-commerce Market in Africa

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

You Can’t Have Legal GRC Optimisation Without Data Management Improvement?

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Change Management for Corporate Legal Departments

The FTC’s Proposed Rulemaking Part 3 — Key Data Security Takeaways

Continuing Legal Education (CLE) Requirements: Guide for Lawyers

Continuing Legal Education (CLE) Requirements: Guide for Lawyers

The Future of AI Regulation (Part 4): 24 Ways That Companies Can Reduce Their Regulatory and Reputational AI Risks

Overview of Tamil Nadu’s new Anti-Gambling Law and its interplay with the recently amended IT Rules governing online gaming

CPRA Rulemaking Is Underway – Getting Ahead of Enforcement Risks

The EU Digital Operational Resilience Act (DORA): What you need to know and how to prepare

Ireland’s Legal Tech Conference Will Take Place on 29th November

Josh Blandi

European Data Protection Roundup – November

Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence

Embracing Human-Tech Interoperability

The SEC Adopts Significant Cybersecurity Amendments to Reg S-P

What the GDPR Can Tell Us About State Privacy Laws

Love and Legal Tech – Jillian Bommarito and Michael Bommarito of 273 Ventures

Stay Connected