Avi Gesser – Page 4 – Debevoise Data Blog

Cybersecurity

A Summary of the Final Amendments to the NYDFS Cyber Rules

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Charu Chandrasekhar, Caroline Novogrod Swett, Johanna Skrzypczyk, Michael R. Roberts, Stephanie Thomas and Joshua A. Goland November 14, 2023

As will be discussed in our November 28, 2023 webcast, on November 1, 2023, the New York Department of Financial Services (“NYDFS” or the “Department”) announced the adoption of the…

Artificial Intelligence

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

By: Avi Gesser, Robert Maddox, Benjamin Lyon, Clare Swirski, Martha Hirst and Ryan Fincham October 31, 2023

On 26 October 2023, the Bank of England, Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”, collectively the “UK Financial Authorities”) published FS2/23 on Artificial Intelligence and Machine Learning…

Cybersecurity

FTC Adopts Broad Breach Notification Amendment to Its Safeguards Rule

By: Avi Gesser, Charu Chandrasekhar, Luke Dembosky, Erez Liebermann, Kristin Snyder, Johanna Skrzypczyk, Michael R. Roberts, Mengyi Xu and Melyssa Eigen October 30, 2023

On October 27, 2023, the Federal Trade Commission (“FTC”) approved an amendment (“Amended Rule”) to the Standards for Safeguarding Customer Information (the “Safeguards Rule”) that will require non-banking financial institutions…

Artificial Intelligence

Tips for Adopting Generative AI — On Demand Webcast

By: Avi Gesser, Kristin Snyder and Matt Kelly October 23, 2023

On October 20, 2023, Avi Gesser, Kristin Snyder and Matt Kelly from the Debevoise AI Practice Group, hosted a webcast that reviewed some of the key challenges for deployment of…

Artificial Intelligence

The SEC’s 2024 Examination Priorities: Continued Scrutiny of Cybersecurity Policies and Procedures

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Kristin Snyder, Erez Liebermann, Matt Kelly and Mengyi Xu October 18, 2023

On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) issued its 2024 Examination Priorities (the “2024 Priorities”). The 2024 Priorities reflect the Commission’s continued scrutiny of information security and…

Artificial Intelligence

Eight GDPR Questions when Adopting Generative AI

By: Avi Gesser, Robert Maddox, Friedrich Popp and Martha Hirst October 10, 2023

As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations,…

Artificial Intelligence

The Final Colorado AI Insurance Regulations: What’s New and How to Prepare

By: Avi Gesser, Erez Liebermann, Eric Dinallo, Matt Kelly, Corey Goldstein, Stephanie Thomas, Samuel J. Allaman and Basil Fawaz October 3, 2023

On September 21, 2023, the Colorado Division of Insurance (the “DOI”) released its Final Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information…

CCPA

California Privacy Protection Agency Begins CCPA Rulemaking for Cybersecurity Audits

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts and HJ Brehmer September 20, 2023

Earlier this month, staff at the California Privacy Protection Agency (the “Agency” or “CPPA”) put forward Draft Cybersecurity Audit Regulations (“the Draft”) for the CPPA Board’s consideration. While the Agency…

Cybersecurity

Cybersecurity Threats, Regulatory Developments, and the Role of Lawyers – for NY State Cyber CLE Credit

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser and Erez Liebermann September 20, 2023

On Tuesday, September 19, the partners in the Debevoise Data Strategy and Security group — Charu Chandresekhar, Luke Dembosky, Avi Gesser, and Erez Liebermann — provided a CLE on the…

Cybersecurity

How Would You Align Cybersecurity Regulations? We Want to Know.

By: Luke Dembosky, Avi Gesser, Erez Liebermann and Stephanie Thomas August 24, 2023

On July 19, the White House Office of the National Cyber Director (“ONCD”) announced a request for information on cybersecurity regulatory harmonization and regulatory reciprocity (the “Request”). The Request is…