20 States, Zero Federal Law, and a 40% Cost Increase
The United States now has more than 20 comprehensive state privacy laws on the books, with Oklahoma’s SB 546 — the latest to pass — set to take effect in...
Security and Compliance Blog
Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.
Posts by Danielle Barbour
Danielle Barbour, Director of Product Marketing, Kiteworks
Danielle Barbour is Senior Director of Product Marketing, Regulatory Compliance at Kiteworks. Prior to joining Kiteworks, Danielle had direct experience with regulatory compliance within the medical tech start-up space and previously worked in the insurance and software industries. Danielle excels in translating diverse and creative ideas into strong revenue-driving programs.
She holds an MBA from Saint Mary’s College of California and a Bachelor’s degree from San Francisco State University.
AI Data Protection Strategies: Masking Techniques for Compliance Leaders
AI adoption has surged across regulated sectors, but the sensitive nature of training and inference data has exposed organizations to new privacy, compliance, and reputational risks. Compliance leaders must ensure...
AI Agents, HIPAA, and the PHI Access Problem
Healthcare organizations are deploying AI agents at an accelerating pace. Clinical documentation assistants, prior authorization workflows, discharge summary generators, and patient intake tools all have one thing in common: they...
Why System Prompts Are Not Compliance Controls
When organizations deploy AI agents against regulated data workflows, the most common governance approach is a well-crafted system prompt. Instruct the model not to access certain data categories. Tell it...
What the SEC’s AI Disclosure Requirements Actually Mean for Compliance Teams
Financial services firms have been deploying AI agents against their most sensitive workflows — client reporting, trade reconciliation, regulatory filing preparation, and portfolio analysis. Most of these workflows touch data...
CMMC 2.0 and AI Agents: What “Authorized Access” Means for CUI-Touching Workflows
Defense contractors are deploying AI agents across proposal development, program documentation, supply chain management, and technical data workflows. Many of these workflows touch controlled unclassified information. That puts them squarely...
NYDFS Part 500 and AI: What New York’s Cybersecurity Regulation Requires of Agent Governance
New York’s financial services institutions are deploying AI agents across client reporting, underwriting, claims processing, fraud detection, and regulatory workflows. Most of these workflows access nonpublic information — the category...
NIST 800-171, CUI, and AI: What Your System Security Plan Is Missing
Thousands of organizations handle controlled unclassified information under government contracts without being in the CMMC certification pipeline. Federal contractors, research universities, state agencies, technology suppliers, and professional services firms that...
Canada ITSG-33 and AI: Meeting CSE’s Security Control Framework in Agentic Environments
Canadian federal agencies, their contractors, and private sector organizations that handle government-classified information are deploying AI agents across document processing, citizen service workflows, regulatory review, and program administration. Many of...
ITAR, AI Agents, and Controlled Technical Data: The Export Control Compliance Gap
Defense contractors and aerospace manufacturers are deploying AI agents across proposal development, engineering documentation, technical data package management, and supply chain workflows. Many of these workflows touch controlled technical data...
Agent Identity Authentication and the Delegation Chain
Every compliance framework governing regulated data access asks the same foundational question: who authorized this? For human employees, the answer is straightforward — authenticated credentials, role-based access, and an audit...
AI Governance for Wealth Management: SEC-Defensible Agent Workflows
Wealth management is one of the highest-velocity AI adoption sectors in financial services — and one of the most heavily regulated. AI agents are being deployed for quarterly client reporting,...
Compliant AI in Clinical Trials: Governing Agent Access to TMF Data
Clinical trial operations are one of the most document-intensive regulated environments in any industry. Protocol amendments, investigator brochures, informed consent forms, site monitoring reports, serious adverse event records, regulatory submissions...
Prompt Injection and the Limits of AI Safety Filters in Regulated Environments
When a prompt injection attack causes an AI agent to access data it wasn’t authorized to touch, the compliance question isn’t whether the model produced harmful output. It’s whether unauthorized...
What the CLOUD Act Means for Financial Services Data in France
The Clarifying Lawful Overseas Use of Data Act grants United States law enforcement agencies broad authority to compel disclosure of electronic communications and data stored by US-based service providers, regardless...