Debevoise’s Data Strategy & Security practice has launched its Debevoise Data Portal. The Portal, which had been in beta testing since June 2020 with a select group of users, is now available for subscription. The Portal consists of a groundbreaking suite of tools that helps clients address business critical data security issues: The Cyber Breach Notification Assessment Tool: Allows subscribers…

On November 2, 2021, Julie Riewe of Debevoise’s White Collar & Regulatory Defense Group and Christopher Ford and HJ Brehmer of Debevoise’s Data Strategy & Security Group will host an engaging webcast on the Securities and Exchange Commission’s enforcement actions, guidance, and proposed rule-making in 2021.  Topics include: The SEC’s proposed cybersecurity disclosure and reporting requirements; Key takeaways from the…

Part 1: The Current Patchwork Two huge crosscurrents are sweeping the world of facial recognition—and moving head-on into each other. Companies are eagerly adopting facial recognition tools to better serve their customers, reduce their fraud risks, and manage their workforces. Meanwhile, legislatures and privacy advocates are pushing back hard. They challenge facial recognition as inherently overreaching, invasive of privacy, and…

On October 13, the annual Securities and Exchange Commission Speaks seminar concluded with presentations from the Examination, Enforcement, and Investment Management divisions. As SEC regulated entities (including publicly traded companies, investment advisers, and broker-dealers) look to 2022, they should keep the following key cybersecurity takeaways in mind: Continued Focus on Corporate Governance. The Associate Director of the Division of Examination’s…

On September 7, 2021, the Board of the International Organization of Securities Commissions (“IOSCO”) issued a final report entitled “The Use of Artificial Intelligence and Machine Learning by Market Intermediaries and Asset Managers” (the “Report”), which aims to assist IOSCO members in supervising their regulated entities over the use of AI and ML. While non-binding, the Report is likely to…

European Data Protection Roundup – September 2021 Key takeaways this September include: Transparency: The importance of providing individuals sufficient information to enable them to understand how their personal data is used and shared, following the Irish Data Protection Commission’s (“DPC”) €225 million fine against WhatsApp and the Hamburg DPA’s nearly €1 million penalty against an energy company for alleged transparency…

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown of the PIPL follows. High-level takeaways: With the PIPL, China is joining, if not leading, the global movement toward more and not less restriction on the processing of personal information.…

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s July 28, 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, represent a non-exhaustive guide of high-level cybersecurity best practices and are intended to support the development…

On October 8, 2021, Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice and Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group, held an engaging webcast on on the recent focus by insurance regulators on artificial intelligence (AI) and discrimination. Topics included: Recent NAIC activity, including its investigation into racial discrimination in the insurance industry;…

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware payments. The Advisory applies to victims of ransomware attacks, as well as companies that facilitate payments to threat actors, including financial institutions. In Part 1, we discussed the Advisory generally,…