Avi Gesser – Page 24 – Debevoise Data Blog

CISA

Emerging Cybersecurity Standards for Critical Infrastructure – Lessons from Recent Goals Released by CISA and NIST

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Andres S. Gutierrez October 8, 2021

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s…

Artificial Intelligence

Webcast – Artificial Intelligence and Discrimination in the Insurance Industry

By: Avi Gesser and Anna Gressel October 7, 2021

On October 8, 2021, Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice and Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group, held an engaging…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…

CCPA

The State of State Law Cybersecurity Requirements

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Alexandra P. Swain, Suchita Mandavilli Brundage and Parker Eudy September 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…

Artificial Intelligence

Podcast: Artificial Intelligence and Bias — Compliance & Legal Risk Podcast from Georgetown Law and EY

By: Avi Gesser September 24, 2021

In a new episode of the Compliance & Legal Risk podcast, Avi Gesser from Debevoise’s Data Strategy and Security Group contributed to an insightful conversation with Ronald J. Coleman of Georgetown Law, Mutale…

Enforcement

Improved Cybersecurity Can Mitigate Sanctions Risk and Other Takeaways from the Latest OFAC Advisory on Ransomware

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Sarah Q. Smith September 23, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (the “Advisory”) on sanctions risks associated with payments to threat…

Enforcement

Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations

By: Avi Gesser, Charu A. Chandrasekhar, Eric Silverberg, Mengyi Xu and Adrian Gonzalez September 20, 2021

As part of our ongoing series on enforcement actions by the Securities and Exchange Commission (“SEC”) in data- and cybersecurity-related matters (here, here, and here), we have been closely tracking…

CCPA

More Privacy and Cyber Requirements Coming to California: Privacy Enforcer Invites Public Comment on New Rulemaking

By: Jeremy Feigelson, Avi Gesser, Jim Pastore, Christopher S. Ford and HJ Brehmer September 17, 2021

Last week, the California Privacy Protection Agency (the “Agency”) invited public comment on its preliminary rulemaking. As previously discussed, the California Privacy Rights Act (“CPRA”) established the Agency and tasked…

CJEU

European Data Protection Roundup – August

By: Jeremy Feigelson, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier and Martha Hirst September 9, 2021

Key takeaways from developments this August include: Indications of what the UK’s post-Brexit data transfer arrangements might look like – companies transferring data from the UK will want to follow…

Enforcement

The Latest Round of SEC Cybersecurity Enforcement Actions Targets MFA Deficiencies, Inadequate Policies, and Misleading Breach Notifications

By: Avi Gesser, Jim Pastore and Mengyi Xu September 1, 2021

On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a)…