Ned Terrace – Debevoise Data Blog

CISA

Trump Administration Releases National Cyber Strategy: Key Takeaways for Businesses

By: Luke Dembosky, Avi Gesser, Erez Liebermann, HJ Brehmer, Stephanie Thomas and Ned Terrace March 9, 2026

On March 6, 2026, the White House released President Trump’s Cyber Strategy for America (the “Strategy”), a directional statement of the Administration’s cybersecurity priorities. The Strategy signals an aggressive posture…

Announcement

Debevoise Launches STAAR 2.0 to Help Clients Scale Their AI Adoption

By: Avi Gesser, Charu A. Chandrasekhar, Matt Kelly, Diane Bernabei, Melyssa Eigen, Joshua A. Goland, Kelvin Hawkins, Martha Hirst, Carl Lasker, Jeremy Liss, Amer Mneimneh, Joshua Plastrik, Achutha Raman, Jannely Rodriguez, Lily Schoen, Adam Shankman, Sharon Shaji, Ned Terrace, Stephanie Thomas, Michiko Wongso, Caroline Wallace, Ella Han, Devin Ford, Margot Mooney, Stan Gershengoren, Karen Levy, Carolyn Cecil, Thomas H. Fuell, Peter M. Neddo, Julius Mueller-Auffermann, Oleksiy Pikhmanets, Jinhee Ahn, Cierra Bakhsh, John Mark Ozaeta, William Sadd, Nithya Satiyaselan, Jonathan Schuman and Nicholas T. Ziebell March 9, 2026

Debevoise & Plimpton LLP announced the launch of STAAR 2.0, an enhanced version of its award-winning[1] client-facing AI platform designed to help in-house legal and compliance teams evaluate, govern, and…

Artificial Intelligence

Use of AI-Generated Images for Fake Insurance Claims and Other Frauds

By: Charu A. Chandrasekhar, Avi Gesser, Eric T. Juergens, Benjamin Leb, Ned Terrace and Patty (Virtual AI Specialist) January 19, 2026

In 2026, companies and individuals conduct many important transactions using images of objects or documents, rather than the original items themselves. For example, individuals authenticate themselves using photos of their…

Artificial Intelligence

FINRA’s 2026 Regulatory Oversight Report: Continued Focus on Generative AI and Emerging Agent-Based Risks

By: Charu A. Chandrasekhar, Avi Gesser, Jeff Robins, Kristin Snyder, Matt Kelly, Jeremy Liss, Achutha Raman and Ned Terrace December 11, 2025

On December 9, 2025, FINRA released its 2026 FINRA Annual Regulatory Oversight Report (the “2026 Report”). The 2026 Report contains a standalone section on Generative AI (“GenAI”) that substantially expands…

Announcement

Debevoise Data Blog: Top 5 Privacy Posts of 2025

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Robert Maddox, Julie M. Riewe, Kristin Snyder, Rick Sofield, Sheena Paul, Johanna Skrzypczyk, HJ Brehmer, Martha Hirst, Suchita Mandavilli Brundage, Melyssa Eigen, Ned Terrace, Michelle Shen, Diane Bernabei and Mengyi Xu December 11, 2025

As we approach the end of the year, here are the top 5 privacy posts on the Debevoise Data Blog in 2025. Takeaways for Large Firms from the SEC’s Reg…

Artificial Intelligence

Colorado Approves Extension of AI Regulation to Health and Auto Insurers

By: Avi Gesser, Johanna Skrzypczyk, Michael Bloom, Benjamin Leb and Ned Terrace September 9, 2025

On August 20, 2025, Colorado’s Division of Insurance (the “Division”) adopted final amendments to its regulation on the Governance and Risk Management Framework Requirements for certain insurers that use external…

CCPA

Privacy Enforcement: Shift Toward Cookie Consent?

By: Avi Gesser, Johanna Skrzypczyk, Melyssa Eigen, Ned Terrace and Michelle Shen April 24, 2025

On March 12, 2025, the California Privacy Protection Agency (the “CPPA”) announced a decision and stipulated final order stemming from its investigation of the American Honda Motor Company’s (the “Company”…

Artificial Intelligence

GDPR Considerations When Developing and Deploying AI Models: The EDPB’s Opinion on Compliance

By: Avi Gesser, Robert Maddox, Martha Hirst, Ned Terrace, Michiko Wongso and Olivia Halderthay April 14, 2025

Given that AI models require large swathes of data to operate, the GDPR’s expansive definition of personal data means that many applications of AI involve complex data protection issues –…

DORA

European Data Protection Roundup – January 2025

By: Robert Maddox, Martha Hirst, Ned Terrace, Olivia Halderthay and Christina Newall February 28, 2025

Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…

Automated Decision Making

CPPA Proposed Rulemaking Package Part 2 – Automated Decision-Making Technology

By: Avi Gesser, Matt Kelly, Johanna Skrzypczyk, HJ Brehmer, Amer Mneimneh, Ned Terrace and Mengyi Xu February 13, 2025

In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the proposed rulemaking package (the “Draft Regulations”) of the California Privacy Protection Agency (the “CPPA”). In…