Stephanie Thomas – Page 4 – Debevoise Data Blog

GDPR

Article: 8 Hallmarks of effective Data Protection by Design and Default

By: Robert Maddox and Stephanie Thomas June 1, 2023

Privacy and Data Protection, a leading UK journal on practical data protection compliance issues, has featured in its latest edition an article by Robert Maddox and Stephanie Thomas on the…

Artificial Intelligence

The Revised Colorado AI Insurance Regulations: What Was Fixed, and What Still May Need Fixing

By: Eric Dinallo, Avi Gesser, Matt Kelly, Anna Gressel, Stephanie Thomas, Samuel J. Allaman and Melissa Muse May 31, 2023

On May 26, 2023, the Colorado Division of Insurance (the “DOI”) released its Revised Draft Algorithm and Predictive Model Governance Regulation (the “Revised Regulation”), amending its initial draft regulation (the…

EU

European Data Protection Roundup – April 2023

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Martha Hirst, Stephanie Thomas, Tristan Lockwood, Maria Epishkina and Maria Santos May 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO…

Operational Resilience

European Data Protection Roundup – March 2023

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Tristan Lockwood, Maria Epishkina, Alexandre Pous and Maria Santos April 28, 2023

Key takeaways this March include: Fairness in AI: Businesses utilising AI may want to assess fairness principles in accordance with the latest UK ICO guidance, which includes clarification around AI…

GDPR

European Data Protection Roundup – February

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Aisling Cowell, Stephanie Thomas, Tristan Lockwood, Maria Epishkina, Sophie Michalski, Alexandre Pous and Maria Santos March 27, 2023

Key takeaways from this February include: Enforcement: Businesses that use third party data to conduct marketing should review the lawful basis on which each party relies to collect and process…

Cybersecurity

National Cybersecurity Strategy (Part 1): The White House Urges Private and Public Action

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Michael R. Roberts, Mengyi Xu, Noah L. Schwartz, Stephanie Thomas, Jarrett Lewis and Jacob Hochberger March 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the…

Privacy

Privacy by Design: Insights from the UK ICO’s Product Design Forum

By: Robert Maddox, Stephanie Thomas, Maria Epishkina and Maria Santos March 8, 2023

On 23 February 2023, the UK ICO hosted its latest privacy forum in a series aimed at helping product designers and managers incorporate “privacy by design” or “data protection by…

Cybersecurity

Takeaways from Proposed Changes to the NIST Cybersecurity Framework

By: Avi Gesser, Erez Liebermann, Michael R. Roberts, HJ Brehmer, Corey Goldstein, Stephanie Thomas and Jackie Dorward February 27, 2023

Risk assessments are a critical component of a robust cybersecurity program. To benchmark their risk assessments and cybersecurity maturity reviews, companies often look to recognized industry standards such as the…

Enforcement

European Data Protection Roundup – December 2022 and January 2023

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Tristan Lockwood, Melissa Muse, Anya Allen, Emily Morgan, Alexandre Pous and Maria Santos February 20, 2023

Key takeaways from December and January include: Cookies: Businesses should consider reviewing their cookie compliance following major CNIL fines against Microsoft (€60 million) and TikTok (€5 million) calling for companies…

EU

European Roundup – 2022’s Top Trends Signal Regulatory Direction for 2023

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas and Tristan Lockwood January 30, 2023

Last year, yet again, saw significant GDPR enforcement actions, important regulatory guidance, and an abundance of European legislative activity touching on cyber, data protection and AI-regulatory issues. Here, we unpack…