Posts

Showing posts with the label Vendor

Potential Implications after a Breach of Personal Data

In addition to the immediate operational impacts, data breaches can trigger a range of legal consequences for clients— from the obligation to provide notice to regulators, individuals, and business partners, to the burden of defending regulatory oversight investigations and class action litigation —not to mention the pressure to mitigate effects on end clients and reputational damage. In the U.S., all 50 states, as well as the District of Columbia and three of the territories, have data breach notification laws with varying requirements, but generally the entity that owns the data (called a “controller”) must notify natural persons if there is unauthorized access to certain categories of their “personal information” (which includes SSNs and financial information). If a vendor suffers a data incident, they must notify the controller, often “immediately,” after which the obligation to provide the notices to the data subjects shifts to the controller . Most industrialized countries have ...

Ransomware: What You Need to Know as Attacks, Regulation and Enforcement Increase

Executive Summary What’s new.  As the frequency and sophistication of ransomware attacks increase, corporate responses to these incidents are subject to ever-growing regulation, and enforcement actions are becoming more frequent. Why it matters.  Businesses that are victims of a ransom attack face new regulatory risks and heightened scrutiny over their response processes, on top of potential operational damage and reputational harm. What to do now.  Organizations can mitigate legal and regulatory risks by ensuring incident response, escalation and notification protocols are thorough, up to date and well documented, and by engaging experienced legal counsel and cybersecurity advisers in advance of any incident. __________ Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies. Organizations victimized in these incidents now face not only the immediate operatio...

AI in Employment: Boosting Defensibility and Regulatory Readiness

Key Takeaways from the November 2025 Webinar   Artificial Intelligence (AI) is rapidly transforming every stage of the employment cycle —from recruiting and selection assessments to performance management and workplace safety and employee monitoring. In a recent  expert panel webinar , Berkshire brought together a lawyer, a labor economist, and an industrial organization psychologist to discuss practical strategies to ensure defensibility and compliance as employers navigate the evolving regulatory landscape for AI tools in HR.   Below, we summarize the core discussion points and share actionable recommendations for employers considering or currently implementing AI in their employment processes.   Foundational Legal Considerations Existing Federal Laws Apply:   AI tools used in employment decisions are covered by long-standing federal anti-discrimination statutes (Title VII, ADEA, ADA), not just...