On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. Many of the proposals follow…
On Friday, February 11, 2022, Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice and Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group, hosted Part…
The Banking Group of Debevoise & Plimpton LLP has launched the Debevoise Fintech Blog to help financial institutions sift through this complex legal landscape and keep abreast of developments in…
In September 2020, we wrote about the risks of credential stuffing attacks following the New York Attorney General’s (NYAG) settlement with Dunkin’ Donuts. Since then, these attacks have continued, and…
On January 20, 2022, Avi Gesser (Co-Chair of the Debevoise Data Strategy & Security Group), joined a panel discussion with Jon Godfread (North Dakota Insurance Commissioner and Chair of the…
On January 24, 2022, SEC Chair Gary Gensler gave a speech on cybersecurity rulemaking to the Annual Securities Regulation Institute, outlining a number of key points he expects the SEC…
On January 18, 2022, Avi Gesser from our Data Strategy and Security Group spoke at a webcast for the Risk Management Association on complying with shrinking breach notification deadlines. The…
The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to…
Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and…
Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently…