Johanna Skrzypczyk – Page 4 – Debevoise Data Blog

Automated Decision Making

China Publishes New Draft Regulations on Data Security

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk, Martha Hirst, Mengyi Xu and Eva Yue Niu December 9, 2021

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications…

Announcement

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

By: Luke Dembosky, Jeremy Feigelson, Jyotin Hamid, Satish Kini, Henry Lebowitz, Maura Kathleen Monaghan, David A. O'Neil, Jim Pastore, David Sarratt, Jeffrey P. Cunard, Christopher Garrett, Kim Le, Tricia Bozyk Sherno, Johanna Skrzypczyk, Javier Alvarez-Oviedo, HJ Brehmer, Frank Colleluori, Josie Dikkers, Martha Hirst and Alexandra Mogul December 1, 2021

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…

Announcement

Banking Regulators Finalize 36-Hour Data Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Satish Kini, Gregory Lyons, Johanna Skrzypczyk, Christopher S. Ford, Alexandra Mogul and Erik Rubinstein November 23, 2021

On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…

Cybersecurity

The FTC’s Strengthened Safeguards Rule and the Evolving Landscape of Reasonable Data Security

By: Jeremy Feigelson, Avi Gesser, Satish Kini, Johanna Skrzypczyk, Lily D. Vo, Corey Goldstein and Scott M. Caravello November 18, 2021

On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Amended Rule”). This rule, promulgated pursuant…

Data Transfers

China Publishes New Draft Measures on Outbound Data Transfers

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk and Eva Yue Niu November 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of…

Artificial Intelligence

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 26, 2021

This is Part 2 in a two-part series of articles about facial recognition laws in the United States. In Part 1, we discussed how current legislation addresses facial recognition. In…

Artificial Intelligence

Face Forward: Strategies for Complying with Facial Recognition Laws

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 19, 2021

Part 1: The Current Patchwork Two huge crosscurrents are sweeping the world of facial recognition—and moving head-on into each other. Companies are eagerly adopting facial recognition tools to better serve…

Regulation

China Passes the Personal Information Protection Law

By: William Y. Chua, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Edwin Northover, Jim Pastore, Emily Lam, Philip Rohlik, Johanna Skrzypczyk and Tingting Wu October 11, 2021

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown…

CCPA

The State of State Law Cybersecurity Requirements

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Alexandra P. Swain, Suchita Mandavilli Brundage and Parker Eudy September 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…

Enforcement

The SEC’s Cyber Priorities and Four Additional Ways for Companies to Reduce Regulatory Risk

By: Avi Gesser, Johanna Skrzypczyk and Suchita Mandavilli Brundage July 27, 2021

Earlier this year, we wrote about the SEC’s cybersecurity priorities. Since then, the SEC announced a settlement with First American Title Insurance and Services (“First American”) for violating Rule 13a-15(a)…