Luke Dembosky – Debevoise Data Blog

Announcement

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

By: Luke Dembosky, Jeremy Feigelson, Jyotin Hamid, Satish Kini, Henry Lebowitz, Maura Kathleen Monaghan, David A. O'Neil, Jim Pastore, David Sarratt, Jeffrey P. Cunard, Christopher Garrett, Kim Le, Tricia Bozyk Sherno, Johanna Skrzypczyk, Javier Alvarez-Oviedo, HJ Brehmer, Frank Colleluori, Josie Dikkers, Martha Hirst and Alexandra Mogul December 1, 2021

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…

Announcement

Banking Regulators Finalize 36-Hour Data Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Satish Kini, Gregory Lyons, Johanna Skrzypczyk, Christopher S. Ford, Alexandra Mogul and Erik Rubinstein November 23, 2021

On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…

CISA

An Overview of Proposed Cybersecurity Legislation: Which Incidents Are Covered, Who Counts as Critical Infrastructure, and What New Obligations Are Created?

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Stephanie D. Thomas November 22, 2021

On November 15, 2021, President Biden signed the Infrastructure Investment and Jobs Act into law, authorizing $1.2 trillion for infrastructure spending, including approximately $2 billion for various federal cybersecurity projects.…

Data Transfers

China Publishes New Draft Measures on Outbound Data Transfers

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk and Eva Yue Niu November 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of…

Cybersecurity

OFAC and FinCEN Update Ransomware Guidance to Include New Red-Flag Indicators and Additional Sanctions Designations

By: Luke Dembosky, Avi Gesser, Satish Kini, Aseel Rabie and HJ Brehmer November 9, 2021

On November 8, 2021, the U.S. Department of the Treasury (“Treasury”) announced a new set of sanctions against criminal ransomware actors, the virtual currency exchange Chatex, and three companies providing…

Cybersecurity

Six Quick Cybersecurity Takeaways from SEC Speaks 2021

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Charu Chandrasekhar, HJ Brehmer and Matthew C. Rametta October 14, 2021

On October 13, the annual Securities and Exchange Commission Speaks seminar concluded with presentations from the Examination, Enforcement, and Investment Management divisions. As SEC regulated entities (including publicly traded companies,…

Roundup

European Data Protection Roundup – September

By: Luke Dembosky, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst and Diana Moise October 12, 2021

European Data Protection Roundup – September 2021 Key takeaways this September include: Transparency: The importance of providing individuals sufficient information to enable them to understand how their personal data is…

Regulation

China Passes the Personal Information Protection Law

By: William Y. Chua, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Edwin Northover, Jim Pastore, Emily Lam, Philip Rohlik, Johanna Skrzypczyk and Tingting Wu October 11, 2021

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown…

CISA

Emerging Cybersecurity Standards for Critical Infrastructure – Lessons from Recent Goals Released by CISA and NIST

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Andres S. Gutierrez October 8, 2021

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…