Michael R. Roberts – Page 4 – Debevoise Data Blog

Artificial Intelligence

The Value of AI Incident Response Plans and Tabletop Exercises

By: Avi Gesser, Anna Gressel, Michael R. Roberts, Corey Goldstein and Erik Rubinstein April 27, 2022

Today, it is widely accepted that most large organizations benefit from maintaining a written cybersecurity incident response plan (“CIRP”) to guide their responses to cyberattacks. For businesses that have invested…

Automated Decision Making

Six Key Takeaways from the SEC’s Most Recent Proposed Cybersecurity Rules for Registrants

By: Luke Dembosky, Avi Gesser, Matthew Kaplan, Charu Chandrasekhar, Michael R. Roberts, HJ Brehmer and Rebecca Zipursky March 11, 2022

On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment…

Data Minimization

Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records

By: Avi Gesser, Johanna Skrzypczyk and Michael R. Roberts March 1, 2022

Since we last wrote about data minimization, there have been several regulatory developments that illustrate the increasing operational and regulatory risks of keeping large volumes of old data. As cyber…

Cybersecurity

Credential Stuffing Continues: Practical Guidance to Protect Customer Information

By: Avi Gesser, Michael R. Roberts and Suchita Mandavilli Brundage January 31, 2022

In September 2020, we wrote about the risks of credential stuffing attacks following the New York Attorney General’s (NYAG) settlement with Dunkin’ Donuts. Since then, these attacks have continued, and…

Cybersecurity

Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Andres Gutierrez and Michelle Huang January 19, 2022

The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to…

Announcement

Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data

By: Luke Dembosky, Avi Gesser and Michael R. Roberts January 7, 2022

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently…

CCPA

Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Michael Bloom, Michael R. Roberts, Tricia Reville and Kate Saba December 16, 2021

The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023. In addition,…