The California Privacy Protection Agency (the “CPPA”) Board met on July 24, 2025, to decide whether to adopt its comprehensive rulemaking package covering cybersecurity audits, automated decision-making technology, and other…
Using AI to make important decisions about individuals carries a risk of bias, especially for underwriting, credit, employment, and educational admission decisions. In this Debevoise Data Blog post, we discuss…
In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the California Privacy Protection Agency (the “CPPA”)’s proposed rulemaking package (the “Draft Regulations”). In Part 2,…
On March 12, 2025, the California Privacy Protection Agency (the “CPPA”) announced a decision and stipulated final order stemming from its investigation of the American Honda Motor Company’s (the “Company”…
On September 21, 2023, the Colorado Division of Insurance (the “Division”) released Regulation 10-1-1, Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information…
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…
As we approach the end of the year, here are the Top 11 Artificial Intelligence (“AI”) posts on the Debevoise Data Blog in 2024 by page views. If you are…
When a company is hit by a cyber attack, normal business gives way to the chaos of managing the investigation, operational disruptions, legal issues, and communications with customers, employees, vendors,…
When drafting policies on the use of artificial intelligence, one challenge that many businesses face is how to define AI, and relatedly, when should AI governance and compliance programs apply…
On July 11, 2024, the New York State Department of Financial Services (the “NYDFS”) adopted Insurance Circular Letter No. 7 regarding the Use of Artificial Intelligence Systems and External Consumer…