CompliancePoint

04/30/2026

We’re excited to share that Wipfli, a top 25 advisory and accounting firm, has agreed to a transaction with CompliancePoint.
This move strengthens our ability to support clients with expanded cybersecurity, risk management and advisory services, while continuing to deliver the experience and services you trust.
https://hubs.ly/Q04f1CXP0

04/29/2026

2025 was an active year for lawsuits, with 2,628 cases, representing a 60% increase compared to 2024. The surge in litigation creates unprecedented compliance challenges and risk for operations.
We took a deep dive into TCPA litigation data to identify the key risk factors, emerging plaintiff patterns, and defensive strategies critical for compliance professionals. View our TCPA Litigation Trends 2025 Year in Review Report for an in-depth analysis of the spike in lawsuits, including:
⚖️ Serial plaintiff activity and trends
⚖️ Frequently targeted industries
⚖️ The states with the most TCPA lawsuits
⚖️ The most active plaintiff law firms

Our TCPA Litigation Trends 2025 Year in Review Report provides an in-depth analysis of the spike in lawsuits last year.

04/28/2026

Using brings an elevated risk of noncompliance for organizations. Common ways AI can lead to HIPAA violations include:
🤖 AI-powered chatbots
🤖 Not conducting risk assessments before implementing AI
🤖 Using patient data to train AI models without authorization
🤖 Using AI for transcription
🤖 Misconfigured AI cloud services
🤖 Entering into public AI tools
Click the link in the comments for best practices to help your organization leverage the power of AI while mitigating these risks.

04/22/2026

Alabama is the 21st state to pass a law. For a summary of the law’s applicability threshold, consumer rights, business obligations, effective date, and penalties, click the link in the comments.

04/16/2026

A common theme has emerged in enforcements: failing to provide consumers with the required methods to opt out of the sale/sharing of personal data and the use of web trackers. Common violations include:
💻 Apps without opt-out functionality
💻 Banners missing a decline button
💻 Requiring users to verify their ID or email
💻 Failing to honor opt-outs across all platforms
💻 Opting in takes more steps than opting out
💻 Links not providing easy opt-out options – just instructions to call or email
Click the link in the comments to see examples of actual violations that resulted in fines that were often over $1m.

04/14/2026

Chances are systems now touch your people, your processes, and your technology. It is also becoming part of what gets evaluated in your security assessments, but how do traditional standards account for AI governance?
https://hubs.ly/Q049l0vQ0

AI governance meets compliance: How traditional infosec frameworks account for the expanding use of artificial intelligence.

04/08/2026

The story has put the spotlight on the quality of auditors assessing with and frameworks. In this episode of Compliance Pointers, Carol Amick shares how to spot the red flags that your auditor may not be up to par. Click the link in the comments to learn about:
🕰️ 💲 Unrealistic price and speed promises
🪏 How involved your organization needs to be in the audit
🔬 Best practices for vetting auditors
🔎 How to vet your vendor’s SOC 2 reports

04/07/2026

For organizations building and programs from the ground up, here are steps you can follow to meet your goals.
Step 1: Establish Governance Before Controls
Step 2: Perform a Formal Risk Assessment and Understand Business Drivers
Step 3: Build Across Core Security Foundations
Step 4: Evaluate Which Frameworks Are Relevant
Step 5: Build Core Policies, Controls, and Evidence Expectations
Step 6: Operationalize the Program and Drive Adoption
Step 7: Use GRC Tools to Scale and Sustain the Program
Step 8: Prepare for Customer and Third-Party Reporting
Step 9: Create a Roadmap from Readiness to Assurance
For details on each step, and to learn about some pitfalls that trip organizations up, click the link.

How can organizations successfully build security and compliance programs? Here's a step-by-step breakdown of the journey.

04/02/2026

At CompliancePoint, we deliver end-to-end SOC 2 services that will simplify and accelerate your efforts.

04/02/2026

If your business has a website that uses any of the following tools:
💻 Analytics tools
💻 Advertising pixels
💻 Session replay software
💻 Chat functionality
💻 Third-party marketing tags
💻 Behavioral advertising tools
It’s at risk for Invasion of Act ( **A) lawsuits and demand letters. Learn how C**A compares to the and discover some strategies and actions businesses can take to help ensure the tools on their websites are not exposing them to unnecessary C**A risks.

The California Invasion of Privacy Act (C**A), enacted in 1967, was originally designed to prohibit wiretapping without consent.

03/31/2026

On March 25th, the Federal Communications Commission began mandating the use of SIP code 603+. For operations, this is significant for two reasons:

1. Visibility is perhaps the more immediate benefit. With 603+ now standardized, organizations that pull call detail records (CDRs) from their telephony providers can begin filtering specifically for this code. A pattern of 603+ responses on a particular outbound number is a clear signal that the number has been flagged by carrier analytics as suspected spam, something that would previously have required guesswork to identify.

2. Redress is the longer-term operational benefit. Because the 603+ Reason header contains contact information for the blocking provider, legitimate businesses that find their numbers being incorrectly flagged now have a defined path to challenge the block. This is a meaningful improvement over the previous environment, where even identifying which carrier was blocking calls often required significant investigative effort. The FCC designed this mechanism specifically to reduce the burden on legitimate callers who are caught up in analytics-based blocking despite operating within the law.

Click the link in the comments to learn more about Session Initiation Protocol technology and what businesses should do with the new rules in place.

03/26/2026

Let an experienced team of professionals handle your challenges, so you can focus on running your business, with our Virtual program.