Avi Gesser – Debevoise Data Blog

CCPA

California Privacy Protection Agency Begins CCPA Rulemaking for Cybersecurity Audits

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts and HJ Brehmer September 20, 2023

Earlier this month, staff at the California Privacy Protection Agency (the “Agency” or “CPPA”) put forward Draft Cybersecurity Audit Regulations (“the Draft”) for the CPPA Board’s consideration. While the Agency…

Cybersecurity

Cybersecurity Threats, Regulatory Developments, and the Role of Lawyers – for NY State Cyber CLE Credit

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser and Erez Liebermann September 20, 2023

On Tuesday, September 19, the partners in the Debevoise Data Strategy and Security group — Charu Chandresekhar, Luke Dembosky, Avi Gesser, and Erez Liebermann — provided a CLE on the…

Cybersecurity

How Would You Align Cybersecurity Regulations? We Want to Know.

By: Luke Dembosky, Avi Gesser, Erez Liebermann and Stephanie Thomas August 24, 2023

On July 19, the White House Office of the National Cyber Director (“ONCD”) announced a request for information on cybersecurity regulatory harmonization and regulatory reciprocity (the “Request”). The Request is…

Artificial Intelligence

Board Responsibility for AI Risk Oversight

By: Charu Chandrasekhar, Avi Gesser, William Regner and Mengyi Xu August 17, 2023

On August 17, 2023, we published an article on Board Responsibility for AI Risk Oversight with Directors & Boards, covering: The promises and risks of AI adoption The rapidly evolving…

Cybersecurity

National Cybersecurity Strategy (Part 2): The White House Targets Threat Actors and Urges International Partnerships

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Michael R. Roberts, Noah L. Schwartz, Stephanie Thomas, Jarrett Lewis and Jacob Hochberger August 15, 2023

The White House has certainly been true to its word on pushing forward on cyber. In July 2023, following the release of the Biden Administration’s (“the Administration”) National Cybersecurity Strategy…

Artificial Intelligence

SEC Proposes Rule to Eliminate or Neutralize Conflicts of Interest in the Use of “Predictive Data Analytics” Technologies

By: Andrew J. Ceresney, Charu Chandrasekhar, Avi Gesser, Robert B. Kaplan, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Matt Kelly, Gary Murphy, Sheena Paul, Jarrett Lewis, Catherine Morrison and Mengyi Xu August 14, 2023

On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed rules (the “Proposed Rules”) that would require broker-dealers and investment advisers (collectively, “firms”) to evaluate their use…

Regulation

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the…

Privacy

Washington’s Novel Health Data Law: An In-Depth Look

By: Avi Gesser, Johanna Skrzypczyk, Kim Le, Michael R. Roberts, Alessandra G. Masciandaro, Andreas Constantine Pavlou, Melyssa Eigen and Ned Terrace August 2, 2023

U.S. state privacy continues to be at the forefront of legislative and policymaking activity. Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act…

Cybersecurity

SEC Adopts New Cybersecurity Rules for Issuers

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Mengyi Xu July 28, 2023

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused…

CCPA

California Attorney General’s CCPA Sweep Indicates Focus on HR Data

By: Avi Gesser, Johanna Skrzypczyk, Tricia Bozyk Sherno and Michael R. Roberts July 21, 2023

On July 14, 2023, California Attorney General Rob Bonta announced a California Consumer Privacy Act (“CCPA”) enforcement sweep focused on large California employers’ compliance with the CCPA’s requirements applicable to…