Most companies have implemented protocols for when an employee emails confidential information to the wrong person. A new version of that problem occurs when an employee uploads sensitive information to…
OVERVIEW OF THE NEW LEGISLATION Definitions The new legislation, described as the first Hong Kong cybersecurity law, regulates designated “Operator of Critical Infrastructure” (the “CIO”) and its “Critical Computer Systems”…
On February 20, 2025, the SEC announced the creation of the Cyber and Emerging Technologies Unit (“CETU”) to focus on “combatting cyber-related misconduct and to protect retail investors from bad…
Introduction On December 20, 2024, the Federal Trade Commission (the “FTC”) finalized a consent agreement (“Consent Order”) with Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC…
On December 19, 2024, the U.S. Department of Treasury (“Treasury”) released a report on The Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector (the “Report”). The…
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…
As we approach the end of the year, here are the Top 11 Artificial Intelligence (“AI”) posts on the Debevoise Data Blog in 2024 by page views. If you are…
On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) opened the formal public comment period for its recently approved formal proposed rulemaking package for annual cybersecurity audits, automated…
In Part 1 of this series, we discussed the recent Circular and accompanying Appendix issued by Hong Kong’s Security and Futures Commission (the “SFC”) on cybersecurity risks and mitigations related…
On November 12, 2024, Hong Kong’s Security and Futures Commission (the “SFC”) issued a Circular (the “Circular”) with an accompanying appendix (the “Appendix”) setting out the SFC’s view of the…