Mengyi Xu – Debevoise Data Blog

Cybersecurity

A Late Winter Blizzard of SEC Cybersecurity Rulemaking: the Proposed BD Cybersecurity Rules and Expanded Reg S-P and Reg SCI Obligations

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Charu Chandrasekhar, Sheena Paul, Suchita Mandavilli Brundage, Michael R. Roberts, Mengyi Xu and Ned Terrace March 20, 2023

On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers,…

Artificial Intelligence

The Challenges That AI Poses for Data Minimization

By: Avi Gesser, Mengyi Xu, Michael Pizzi and Jackie Dorward March 17, 2023

We have written several times about the need for companies to reduce the amount of data that they collect and to get rid of old data. Data minimization lowers the…

Cybersecurity

National Cybersecurity Strategy (Part 1): The White House Urges Private and Public Action

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Michael R. Roberts, Mengyi Xu, Noah L. Schwartz, Stephanie Thomas, Jarrett Lewis and Jacob Hochberger March 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the…

Artificial Intelligence

Risks of Overselling Your AI: The FTC is Watching

By: Avi Gesser, Erez Liebermann, Jim Pastore, Paul D. Rubin, Christopher S. Ford, Anna Gressel, Mengyi Xu and Melissa Muse March 6, 2023

On February 27, 2023, the FTC released guidance entitled “Keep Your AI Claims in Check” (“AI Claims Blog Post”), reminding companies that false or unsubstantiated claims about a product’s efficacy…

Announcement

Debevoise Authors 2023 Edition of the PLI Privacy Law Answer Book

By: Luke Dembosky, Avi Gesser, Jyotin Hamid, Satish Kini, Henry Lebowitz, Erez Liebermann, Maura Kathleen Monaghan, David A. O'Neil, Jim Pastore, David Sarratt, Jeffrey P. Cunard, Kim Le, Tricia Bozyk Sherno, Johanna Skrzypczyk, Michael R. Roberts, Michael Bloom, Fanny Gauthier, Corey Goldstein, Kyle Kysela, Hannah R. Levine, Linda Lin, Melissa Muse, Kate Saba, Noah L. Schwartz and Mengyi Xu January 23, 2023

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the Practising Law Institute’s 2023 edition of the Privacy Law Answer Book, a user-friendly guide to the laws and…

NYDFS

NYDFS Publishes Official Amendments to Its Cybersecurity Regulation (Part 2) – Answers to the Top Questions from Our Webcast

By: Avi Gesser, Erez Liebermann, Johanna Skrzypczyk, Caroline Novogrod Swett, Mengyi Xu and Jonathan Steinberg November 30, 2022

On November 9, 2022, the New York Department of Financial Services (the “NYDFS”) announced the publication of the official proposed amendments to its 2017 Cybersecurity Regulation 23 NYCRR 500 (the “Proposed Amendments”). The 60-day…

Automated Decision Making

When Humans and Machines Disagree – The Myth of “AI Errors” and Unlocking the Promise of AI Through Optimal Decision Making

By: Avi Gesser, Anna Gressel, Mengyi Xu and Samuel J. Allaman November 14, 2022

Machines are increasingly making important decisions that have traditionally been made by humans, such as who should get a job interview or who should receive a loan. For valid legal,…

Data Transfers

Privacy Shield 2.0: Biden’s Executive Order May Pave the Way for a New EU-U.S. Data Transfer Framework

By: Robert Maddox, Friedrich Popp, Tristan Lockwood, Melissa Muse and Mengyi Xu October 17, 2022

On October 7, 2022, U.S. President Biden signed Executive Order 14086 on Enhancing Safeguards for United States Signals Intelligence Activities (the “Order”). The administrative Order creates new protections applicable to…

NYDFS

NYDFS Proposed Significant Changes to Its Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Charu Chandrasekhar, HJ Brehmer, Michelle Huang and Mengyi Xu August 1, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24-hour notification for cyber ransom…

Artificial Intelligence

New Automated Decision-Making Laws: Four Tips for Compliance

By: Avi Gesser, Robert Maddox, Anna Gressel, Mengyi Xu, Samuel J. Allaman and Andres S. Gutierrez June 25, 2022

With the widespread adoption of artificial intelligence (“AI”) and other complex algorithms across industries, many business decisions that used to be made by humans are now being made (either solely…