Johanna Skrzypczyk – Debevoise Data Blog

Cybersecurity

Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Andres Gutierrez and Michelle Huang January 19, 2022

The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to…

Cybersecurity

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

By: Luke Dembosky, Avi Gesser, Ted Hassi, Jim Pastore, Paul D. Rubin, Johanna Skrzypczyk, Christopher S. Ford, Leah Martin and Melissa Runsten January 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and…

CCPA

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Michael Bloom, Michael R. Roberts, Tricia Reville and Kate Saba December 16, 2021

The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023. In addition,…

Uncategorized

China Publishes New Draft Regulations on Data Security

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk, Martha Hirst, Mengyi Xu and Eva Yue Niu December 9, 2021

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications…

Announcement

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

By: Luke Dembosky, Jeremy Feigelson, Jyotin Hamid, Satish Kini, Henry Lebowitz, Maura Kathleen Monaghan, David A. O'Neil, Jim Pastore, David Sarratt, Jeffrey P. Cunard, Christopher Garrett, Kim Le, Tricia Bozyk Sherno, Johanna Skrzypczyk, Javier Alvarez-Oviedo, HJ Brehmer, Frank Colleluori, Josie Dikkers, Martha Hirst and Alexandra Mogul December 1, 2021

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…

Announcement

Banking Regulators Finalize 36-Hour Data Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Satish Kini, Gregory Lyons, Johanna Skrzypczyk, Christopher S. Ford, Alexandra Mogul and Erik Rubinstein November 23, 2021

On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…

Cybersecurity

The FTC’s Strengthened Safeguards Rule and the Evolving Landscape of Reasonable Data Security

By: Jeremy Feigelson, Avi Gesser, Satish Kini, Johanna Skrzypczyk, Lily D. Vo, Corey Goldstein and Scott M. Caravello November 18, 2021

On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Amended Rule”). This rule, promulgated pursuant…

Data Transfers

China Publishes New Draft Measures on Outbound Data Transfers

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk and Eva Yue Niu November 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of…

Artificial Intelligence

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 26, 2021

This is Part 2 in a two-part series of articles about facial recognition laws in the United States. In Part 1, we discussed how current legislation addresses facial recognition. In…

Artificial Intelligence

Face Forward: Strategies for Complying with Facial Recognition Laws

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 19, 2021

Part 1: The Current Patchwork Two huge crosscurrents are sweeping the world of facial recognition—and moving head-on into each other. Companies are eagerly adopting facial recognition tools to better serve…