Articles

Regulatory analysis, written for practice owners.

Concise, cited, and scholarly-authoritative commentary on the frameworks that govern small regulated practices.

Regulatory|March 4, 2026

FTC Safeguards Rule: What Every Tax Preparer Must Now Document

The 2023 amendments to 16 CFR Part 314 turned every tax preparer into a financial institution. Here is what the Rule actually requires — and where small firms most often fall short.

Read article
HIPAA|February 18, 2026

HIPAA Risk Analysis Is Not a Risk Assessment. The Distinction Matters.

HHS-OCR settlements repeatedly cite the failure to conduct a §164.308(a)(1)(ii)(A) risk analysis. Practices that confuse it with a generic assessment routinely lose that argument.

Read article
SEC|January 30, 2026

The SEC’s 2024 Amendments to Regulation S-P: What Small Advisers Should Do First

The 2024 amendments modernized Reg S-P after twenty-four years. Small independent advisers face a compressed compliance runway.

Read article
Testing|January 8, 2026

Penetration Test vs. Vulnerability Scan: Why the Distinction Matters to Your Insurer

A vulnerability scan enumerates weaknesses. A penetration test demonstrates which ones an attacker could reach. Insurers are increasingly explicit about which they require.

Read article
Nonprofits|December 12, 2025

Nonprofit Cybersecurity Is a Board Responsibility. Most Boards Do Not Know That Yet.

Volunteer boards routinely oversee organizations holding donor financial data, employee HR records, and constituent PHI — without a cybersecurity briefing on the agenda.

Read article
Insurance|November 20, 2025

The NAIC Insurance Data Security Model Law: Where It Is Adopted, and What That Means

More than half of U.S. states have adopted a version of the Model Law. Independent producers should know exactly which regime governs them.

Read article