Danielle Barbour

AI Compliance Requirements for Financial Services Firms: What You Need to Know

by Danielle Barbour March 30, 2026March 30, 2026 | Regulatory Compliance

Financial services firms are among the most aggressive early adopters of AI — and among the most exposed when it comes to compliance. The regulatory environment they operate in was...

AI Compliance Requirements for Federal Contractors: What You Need to Know

by Danielle Barbour March 30, 2026March 30, 2026 | Regulatory Compliance

Federal contractors occupy one of the most demanding AI compliance environments in the enterprise market. The regulatory stack they operate under — CMMC 2.0, NIST 800-171, FedRAMP, ITAR, FISMA, and...

AI Compliance Requirements for Legal Departments and Law Firms: What You Need to Know

by Danielle Barbour March 30, 2026March 30, 2026 | Regulatory Compliance

Legal departments and law firms occupy a distinctive position in the AI compliance landscape. Unlike other industries where AI compliance is primarily a regulatory matter, legal AI compliance is simultaneously...

AI Compliance Requirements for Manufacturers: What You Need to Know

by Danielle Barbour March 30, 2026March 30, 2026 | Regulatory Compliance

Manufacturing sits at a unique intersection in the AI compliance landscape. Defense manufacturers must satisfy CMMC 2.0 and ITAR compliance requirements that apply with full force to AI systems touching...

AI Compliance Requirements for Healthcare Organizations: What You Need to Know

by Danielle Barbour March 30, 2026March 30, 2026 | HIPAA Compliance

Healthcare organizations handle the most sensitive personal data in any industry — and they are deploying AI faster than most sectors have built the governance infrastructure to support it. AI...

20 States, Zero Federal Law, and a 40% Cost Increase

by Danielle Barbour March 26, 2026March 26, 2026 | GDPR Compliance

The United States now has more than 20 comprehensive state privacy laws on the books, with Oklahoma’s SB 546 — the latest to pass — set to take effect in...

AI Data Protection Strategies: Masking Techniques for Compliance Leaders

by Danielle Barbour March 26, 2026March 26, 2026 | Cybersecurity Risk Management

AI adoption has surged across regulated sectors, but the sensitive nature of training and inference data has exposed organizations to new privacy, compliance, and reputational risks. Compliance leaders must ensure...

AI Agents, HIPAA, and the PHI Access Problem

by Danielle Barbour March 25, 2026March 25, 2026 | HIPAA Compliance

Healthcare organizations are deploying AI agents at an accelerating pace. Clinical documentation assistants, prior authorization workflows, discharge summary generators, and patient intake tools all have one thing in common: they...

Why System Prompts Are Not Compliance Controls

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

When organizations deploy AI agents against regulated data workflows, the most common governance approach is a well-crafted system prompt. Instruct the model not to access certain data categories. Tell it...

What the SEC’s AI Disclosure Requirements Actually Mean for Compliance Teams

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Financial services firms have been deploying AI agents against their most sensitive workflows — client reporting, trade reconciliation, regulatory filing preparation, and portfolio analysis. Most of these workflows touch data...

CMMC 2.0 and AI Agents: What “Authorized Access” Means for CUI-Touching Workflows

by Danielle Barbour March 25, 2026March 25, 2026 | CMMC Compliance

Defense contractors are deploying AI agents across proposal development, program documentation, supply chain management, and technical data workflows. Many of these workflows touch controlled unclassified information. That puts them squarely...

NYDFS Part 500 and AI: What New York’s Cybersecurity Regulation Requires of Agent Governance

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

New York’s financial services institutions are deploying AI agents across client reporting, underwriting, claims processing, fraud detection, and regulatory workflows. Most of these workflows access nonpublic information — the category...

NIST 800-171, CUI, and AI: What Your System Security Plan Is Missing

by Danielle Barbour March 25, 2026March 25, 2026 | CMMC Compliance

Thousands of organizations handle controlled unclassified information under government contracts without being in the CMMC certification pipeline. Federal contractors, research universities, state agencies, technology suppliers, and professional services firms that...

Canada ITSG-33 and AI: Meeting CSE’s Security Control Framework in Agentic Environments

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Canadian federal agencies, their contractors, and private sector organizations that handle government-classified information are deploying AI agents across document processing, citizen service workflows, regulatory review, and program administration. Many of...

ITAR, AI Agents, and Controlled Technical Data: The Export Control Compliance Gap

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Defense contractors and aerospace manufacturers are deploying AI agents across proposal development, engineering documentation, technical data package management, and supply chain workflows. Many of these workflows touch controlled technical data...

Security and Compliance Blog

Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.

Posts by Danielle Barbour

AI Compliance Requirements for Financial Services Firms: What You Need to Know

AI Compliance Requirements for Federal Contractors: What You Need to Know

AI Compliance Requirements for Manufacturers: What You Need to Know

AI Compliance Requirements for Healthcare Organizations: What You Need to Know

AI Agents, HIPAA, and the PHI Access Problem

Why System Prompts Are Not Compliance Controls

What the SEC’s AI Disclosure Requirements Actually Mean for Compliance Teams

CMMC 2.0 and AI Agents: What “Authorized Access” Means for CUI-Touching Workflows

NYDFS Part 500 and AI: What New York’s Cybersecurity Regulation Requires of Agent Governance

NIST 800-171, CUI, and AI: What Your System Security Plan Is Missing

Canada ITSG-33 and AI: Meeting CSE’s Security Control Framework in Agentic Environments

ITAR, AI Agents, and Controlled Technical Data: The Export Control Compliance Gap

Get started.