Danielle Barbour

Agent Identity Authentication and the Delegation Chain

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Every compliance framework governing regulated data access asks the same foundational question: who authorized this? For human employees, the answer is straightforward — authenticated credentials, role-based access, and an audit...

AI Governance for Wealth Management: SEC-Defensible Agent Workflows

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Wealth management is one of the highest-velocity AI adoption sectors in financial services — and one of the most heavily regulated. AI agents are being deployed for quarterly client reporting,...

Compliant AI in Clinical Trials: Governing Agent Access to TMF Data

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Clinical trial operations are one of the most document-intensive regulated environments in any industry. Protocol amendments, investigator brochures, informed consent forms, site monitoring reports, serious adverse event records, regulatory submissions...

Prompt Injection and the Limits of AI Safety Filters in Regulated Environments

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

When a prompt injection attack causes an AI agent to access data it wasn’t authorized to touch, the compliance question isn’t whether the model produced harmful output. It’s whether unauthorized...

What the CLOUD Act Means for Financial Services Data in France

by Danielle Barbour March 25, 2026March 26, 2026 | Regulatory Compliance

The Clarifying Lawful Overseas Use of Data Act grants United States law enforcement agencies broad authority to compel disclosure of electronic communications and data stored by US-based service providers, regardless...

PDPL Compliance for Saudi Healthcare Organisations: Securing Patient Data Under National Privacy Law

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Saudi healthcare organisations operate under one of the region’s most demanding data protection frameworks. The Personal Data Protection Law establishes comprehensive obligations for entities that collect, process, store, or transmit...

GDPR Article 32 Security Requirements for Financial Services Organisations

by Danielle Barbour March 25, 2026March 25, 2026 | GDPR Compliance

Financial services organisations handle some of the most sensitive data in the global economy. Payment card details, account credentials, transaction histories, investment portfolios, and personally identifiable information flow through banking...

Why DORA Changes Everything for EU Banks in 2026

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

The Digital Operational Resilience Act represents the most comprehensive overhaul of operational risk management for financial institutions operating in the European Union. Unlike previous regulatory frameworks that treated cybersecurity as...

Why Encryption Key Control Matters for UK Financial Institutions

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

UK financial institutions operate under some of the most demanding regulatory and security frameworks in the world. The FCA, PRA, and ICO require robust data protection controls, and institutions must...

Top 5 Compliance Risks in Financial Services RAG Implementations

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

Financial services organisations deploying retrieval-augmented generation systems face a distinct set of regulatory and security challenges. Unlike general enterprise AI deployments, RAG implementations in banking, insurance, and capital markets process...

DORA Incident Reporting: Compliance Strategies for Financial Institutions

by Danielle Barbour March 25, 2026March 25, 2026 | Regulatory Compliance

The Digital Operational Resilience Act establishes comprehensive requirements for financial institutions to identify, classify, report, and analyse ICT-related incidents. Unlike traditional cybersecurity frameworks that treat incident reporting as reactive compliance,...

Security and Compliance Blog

Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.

Posts by Danielle Barbour

Agent Identity Authentication and the Delegation Chain

AI Governance for Wealth Management: SEC-Defensible Agent Workflows

Compliant AI in Clinical Trials: Governing Agent Access to TMF Data

Prompt Injection and the Limits of AI Safety Filters in Regulated Environments

PDPL Compliance for Saudi Healthcare Organisations: Securing Patient Data Under National Privacy Law

Why DORA Changes Everything for EU Banks in 2026

Why Encryption Key Control Matters for UK Financial Institutions

DORA Incident Reporting: Compliance Strategies for Financial Institutions

Data Sovereignty Challenges for UK Investment Firms: 5 Solutions

A CISO Walks Into a Board Meeting With Only Half an Answer

Only 48 Cloud Services Hold FedRAMP High authorization — and Agencies Are Feeling the Squeeze

Get started.