Luke Dembosky – Page 8 – Debevoise Data Blog

Data Transfers

China Publishes New Draft Measures on Outbound Data Transfers

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk and Eva Yue Niu November 11, 2021

International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of…

Automated Decision Making

OFAC and FinCEN Update Ransomware Guidance to Include New Red-Flag Indicators and Additional Sanctions Designations

By: Luke Dembosky, Avi Gesser, Satish Kini, Aseel Rabie, HJ Brehmer and Andreas Constantine Pavlou November 9, 2021

On November 8, 2021, the U.S. Department of the Treasury (“Treasury”) announced a new set of sanctions against criminal ransomware actors, the virtual currency exchange Chatex, and three companies providing…

Roundup

European Data Protection Roundup – October

By: Luke Dembosky, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst, Diana Moise and Jesse Hope November 1, 2021

European Data Protection Roundup – October 2021 Key takeaways this October include: Liability for excessive security footage: The need to ensure security systems are configured appropriately to minimise the scope…

Cybersecurity

Six Quick Cybersecurity Takeaways from SEC Speaks 2021

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Charu A. Chandrasekhar, HJ Brehmer and Matthew C. Rametta October 14, 2021

On October 13, the annual Securities and Exchange Commission Speaks seminar concluded with presentations from the Examination, Enforcement, and Investment Management divisions. As SEC regulated entities (including publicly traded companies,…

Roundup

European Data Protection Roundup – September

By: Luke Dembosky, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst and Diana Moise October 12, 2021

European Data Protection Roundup – September 2021 Key takeaways this September include: Transparency: The importance of providing individuals sufficient information to enable them to understand how their personal data is…

Regulation

China Passes the Personal Information Protection Law

By: William Y. Chua, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Edwin Northover, Jim Pastore, Emily Lam, Philip Rohlik, Johanna Skrzypczyk and Tingting Wu October 11, 2021

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown…

CISA

Emerging Cybersecurity Standards for Critical Infrastructure – Lessons from Recent Goals Released by CISA and NIST

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Andres S. Gutierrez October 8, 2021

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…

Enforcement

Improved Cybersecurity Can Mitigate Sanctions Risk and Other Takeaways from the Latest OFAC Advisory on Ransomware

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Sarah Q. Smith September 23, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (the “Advisory”) on sanctions risks associated with payments to threat…

GDPR

European Data Protection Roundup – July

By: Luke Dembosky, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst and Christina Heil August 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s…