Luke Dembosky – Debevoise Data Blog

CISA

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Stephanie D. Thomas March 16, 2022

On March 15, 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”) into law, requiring critical infrastructure entities to report covered cybersecurity incidents…

Cybersecurity

Six Key Takeaways from the SEC’s Most Recent Proposed Cybersecurity Rules for Registrants

By: Luke Dembosky, Avi Gesser, Matthew Kaplan, Charu Chandrasekhar, Michael R. Roberts, HJ Brehmer and Rebecca Zipursky March 11, 2022

On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment…

Cybersecurity

Four Takeaways from the SEC’s Proposed Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Julie M. Riewe, Charu Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta February 16, 2022

On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. Many of the proposals follow…

Cybersecurity

Webcast – Fireside Chat with NYDFS Cyber Chief Justin Herring

By: Luke Dembosky February 5, 2022

On February 2, 2022, Luke Dembosky, the Co-Chair of the Debevoise Data Strategy & Security Group, participated in a fireside chat with Justin Herring, the Executive Deputy Superintendent for the…

Cybersecurity

Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Andres Gutierrez and Michelle Huang January 19, 2022

The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to…

Cybersecurity

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

By: Luke Dembosky, Avi Gesser, Ted Hassi, Jim Pastore, Paul D. Rubin, Johanna Skrzypczyk, Christopher S. Ford, Leah Martin and Melissa Runsten January 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and…

Announcement

Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data

By: Luke Dembosky, Avi Gesser and Michael R. Roberts January 7, 2022

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently…

Announcement

The New York DFS Issues Guidance on Multifactor Authentication

By: Luke Dembosky, Avi Gesser, Jeremy Feigelson, Alexandra P. Swain, Parker Eudy and Noah L. Schwartz December 13, 2021

On December 7, 2021, the New York Department of Financial Services (“DFS”) released new guidance on multifactor authentication (“MFA”), indicating that it is increasing its review of MFA during examinations,…

Uncategorized

China Publishes New Draft Regulations on Data Security

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk, Martha Hirst, Mengyi Xu and Eva Yue Niu December 9, 2021

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications…

Announcement

Debevoise Authors 2022 Edition of the PLI Privacy Law Answer Book

By: Luke Dembosky, Jeremy Feigelson, Jyotin Hamid, Satish Kini, Henry Lebowitz, Maura Kathleen Monaghan, David A. O'Neil, Jim Pastore, David Sarratt, Jeffrey P. Cunard, Christopher Garrett, Kim Le, Tricia Bozyk Sherno, Johanna Skrzypczyk, Javier Alvarez-Oviedo, HJ Brehmer, Frank Colleluori, Josie Dikkers, Martha Hirst and Alexandra Mogul December 1, 2021

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…