On April 14, 2021, the New York State Department of Financial Services (the “DFS”) announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by…
Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. Today, we’re taking a deeper dive into one aspect of those priorities: cybersecurity as it…
Last year, we discussed the first enforcement action brought by the New York State Department of Financial Services (“DFS”), which involved charges against First American Title Insurance Company. That hearing…
On January 12, Judge James Boasberg of the U.S. District Court for the District of Columbia granted plaintiff Guo Wengui’s motion to compel production of a report (the “Report”)—and related…
On January 12, 2021, the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”) and the Federal Reserve Board (“FRB”) (together the “Agencies”) published a…
We have recently written about the persistence of the four most common varieties of cyberattacks: Ransomware, Phishing, Business Email Compromises, and Credential Stuffing, as well as the increased regulatory scrutiny that companies face…
On December 17, 2020 at 12:00pm ET, Luke Dembosky and Anna Gressel from Debevoise’s Data Strategy and Security Group will be joined by William Roberts, Acquisitions Chief for the U.S.…
EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. As a result, each new…
California voters have approved the new California Privacy Rights Act (“CPRA”). The margin was 56% – 44% – comfortable, if significantly tighter than pre-election polling that showed CPRA winning in…
In a long-awaited final decision, the UK Information Commissioner’s Office (the “ICO”) has issued a fine of £20m to British Airways (“BA”) following a data breach that took place in…