Stephanie Thomas – Debevoise Data Blog

Artificial Intelligence

European Data Protection Roundup – Q4 2024

By: Robert Maddox, Johanna Skrzypczyk, Aisling Cowell, Stephanie Thomas, Michiko Wongso, Richard Blomqvist, Olivia Halderthay, Mia Hermann, Jeevika Bali, Samuel Thomson, Alexander McGinley, Christina Newall and Oliver Binns January 17, 2025

Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act, introducing cybersecurity requirements…

Artificial Intelligence

Colorado Proposes Extending AI Regulation to Health and Auto Insurers

By: Eric Dinallo, Avi Gesser, Marshal Bozzo, Matt Kelly, Samuel J. Allaman, Melyssa Eigen, Ned Terrace, Stephanie Thomas and Mengyi Xu December 16, 2024

On September 21, 2023, the Colorado Division of Insurance (the “Division”) released Regulation 10-1-1, Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information…

Artificial Intelligence

Top 10 (Well, 11) Cybersecurity Blog Posts for 2024

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Gareth Hughes, Erez Liebermann, Jim Pastore, Caroline Novogrod Swett, Marshal Bozzo, Matt Kelly, Robert Maddox, Johanna Skrzypczyk, HJ Brehmer, Stephanie Cipolla, Jackie Dorward, Melyssa Eigen, Joshua A. Goland, Martha Hirst, Karen Joo, Gabriel Kohan, Jarrett Lewis, Noah L. Schwartz, Ned Terrace, Stephanie Thomas, Annabella M. Waszkiewicz, Michiko Wongso and Mengyi Xu December 10, 2024

As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…

Compliance

Part 500, One Year Later (Part Two) – Defining “Material Compliance”

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Stephanie Thomas and Joshua A. Goland November 13, 2024

November 1, 2024 marked the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”).…

Data Transfers

Biden Administration Proposes to Limit Access to Sensitive Personal Data by Countries of Concern

By: Satish Kini, Rick Sofield, Erez Liebermann, Robert Dura, Taylor Richards, Stephanie Thomas, Jordan Corrente Beck and Yair Strachman November 6, 2024

The Department of Justice (“DOJ”) has moved ahead with its effort to protect Americans’ sensitive personal data and U.S. government data from exploitation by countries of concern or related covered…

Cybersecurity

NYDFS Part 500, One Year Later (Part One) – New Requirements Effective November 1, 2024

By: Avi Gesser, Erez Liebermann, Stephanie Thomas and Joshua A. Goland October 30, 2024

November 1, 2024, marks the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”).…

Cybersecurity

HUD Proposes to Narrow its Cyber Incident Notification Requirement

By: Avi Gesser, Erez Liebermann, Anna Moody, Stephanie Thomas and Karen Joo October 10, 2024

Earlier this year, the U.S. Department of Housing and Urban Development (“HUD”) released an unannounced and immediately effective Cyber Incident Reporting Requirement (the “Original Requirements”) in Mortgagee Letter 2024-10, which…

Artificial Intelligence

European Data Protection Roundup – July 2024

By: Robert Maddox, Friedrich Popp, Stephanie Thomas, Joshua Plastrik, Theo Wilson, Barney Lynock and Deniz Tanyolac August 27, 2024

Our top five European data protection developments from July are: EU AI guidance: Businesses should consider reviewing their AI policies and practices following guidance from the French CNIL and the…

Announcement

Financial Services Industry Comments on CISA’s Proposed Reporting Obligations for Critical Infrastructure

By: Erez Liebermann, Gabriel Kohan, HJ Brehmer, Stephanie Thomas, Jarrett Lewis, Melyssa Eigen, Joshua A. Goland and Annabella M. Waszkiewicz July 10, 2024

Debevoise’s Data Strategy and Security group recently assisted four leading trade associations that represent the financial services industry in preparing a joint comment letter in response to the Cybersecurity and…

Artificial Intelligence

European Data Protection Roundup – April 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Michiko Wongso, Oliver Binns, Anna Chirniciuc, Barney Lynock, Alfred Scott and Deniz Tanyolac May 28, 2024

Key takeaways from April include: UK FCA’s AI regulation: UK FCA-regulated firms should take note of the FCA’s newly confirmed approach to AI regulation that seeks to be outcome-focused, principle-led,…