Cybersecurity – Page 3 – Debevoise Data Blog

Compliance

Cyber Whistleblower Leads to DOJ Civil Settlement

By: Avi Gesser, Luke Dembosky, Andrew M. Levine, Erez Liebermann, Jim Pastore, Stephanie Cipolla and Michelle Shen November 4, 2024

On October 22, 2024, the U.S. Department of Justice (“DOJ”) announced that The Pennsylvania State University (“Penn State”), a public university in University Park, Pennsylvania, agreed to pay $1.25 million…

Artificial Intelligence

Webcast – Tips on Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser and Erez Liebermann October 30, 2024

On November 8th, Avi Gesser, Luke Dembosky, Erez Lieberman, and Charu Chandrasekhar from the Debevoise Data Strategy and Security Group discussed the recent NYDFS Industry Letter providing guidance on assessing…

Cybersecurity

NYDFS Part 500, One Year Later (Part One) – New Requirements Effective November 1, 2024

By: Avi Gesser, Erez Liebermann, Stephanie Thomas and Joshua A. Goland October 30, 2024

November 1, 2024, marks the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”).…

Cybersecurity

Making Tabletop Exercises Worth the Time and Resources

By: Luke Dembosky, Erez Liebermann, Stephanie Cipolla and Melyssa Eigen October 25, 2024

When a company is hit by a cyber attack, normal business gives way to the chaos of managing the investigation, operational disruptions, legal issues, and communications with customers, employees, vendors,…

Artificial Intelligence

Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Johanna Skrzypczyk, Marshal Bozzo, Mengyi Xu and Ned Terrace October 20, 2024

On October 16, 2024, the New York Department of Financial Services (the “NYDFS”) issued an Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI (the…

Cybersecurity

HUD Proposes to Narrow its Cyber Incident Notification Requirement

By: Avi Gesser, Erez Liebermann, Anna Moody, Stephanie Thomas and Karen Joo October 10, 2024

Earlier this year, the U.S. Department of Housing and Urban Development (“HUD”) released an unannounced and immediately effective Cyber Incident Reporting Requirement (the “Original Requirements”) in Mortgagee Letter 2024-10, which…

Cybersecurity

ICO Dawn Raids: How to respond and what you can do to prepare – An FAQ

By: Robert Maddox and Aisling Cowell September 25, 2024

In the UK, unannounced inspections of businesses’ premises, or “dawn raids”, are most often associated with authorities such as the Serious Fraud Office, National Crime Agency, Competition and Markets Authority…

Cybersecurity

Erez Liebermann to speak at the Director-Executive Summit

By: Erez Liebermann September 12, 2024

On November 14-15, 2024, the University of Texas School of Law and McCombs School of Business will host a groundbreaking event limited to public company directors and C-suite executives —…

Cybersecurity

The EU’s Draft NIS2 Regulations: Appropriate ICT Security Measures and Serious Incident Reporting

By: Robert Maddox and Martha Hirst August 12, 2024

The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the…

Automated Decision Making

European Data Protection Roundup – June 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Sophie Michalski, Léa Lascoux, Deniz Tanyolac and Samuel Thomson July 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft…