On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24-hour notification for cyber ransom…
On July 8, 2022, the California Privacy Protection Agency (the “Agency”) issued a Notice of Proposed Rulemaking, kicking off a forty-five day comment period for proposed updates to the California…
On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment…
On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating…
The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…
On November 8, 2021, the U.S. Department of the Treasury (“Treasury”) announced a new set of sanctions against criminal ransomware actors, the virtual currency exchange Chatex, and three companies providing…
On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists,…
On November 2, 2021, Julie Riewe of Debevoise’s White Collar & Regulatory Defense Group and Christopher Ford and HJ Brehmer of Debevoise’s Data Strategy & Security Group hosted an engaging…
On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s…
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…