With last week’s political deal in European Parliament to advance the European Union’s groundbreaking AI Act (the “EU AI Act”), Europe is one step closer to enacting the world’s first…
Risk assessments are a critical component of a robust cybersecurity program. To benchmark their risk assessments and cybersecurity maturity reviews, companies often look to recognized industry standards such as the…
The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the Practising Law Institute’s 2023 edition of the Privacy Law Answer Book, a user-friendly guide to the laws and…
Today, it is widely accepted that most large organizations benefit from maintaining a written cybersecurity incident response plan (“CIRP”) to guide their responses to cyberattacks. For businesses that have invested…
On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Amended Rule”). This rule, promulgated pursuant…
Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”). First, on October 28, 2021, New York…
The U.S. Securities and Exchange Commission this week took the rare step of penalizing a company for its allegedly poor disclosure of a cyber incident. The SEC announced a $1…
On January 12, Judge James Boasberg of the U.S. District Court for the District of Columbia granted plaintiff Guo Wengui’s motion to compel production of a report (the “Report”)—and related…