Enforcement – Debevoise Data Blog

Data Minimization

Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records

By: Avi Gesser, Johanna Skrzypczyk and Michael R. Roberts March 1, 2022

Since we last wrote about data minimization, there have been several regulatory developments that illustrate the increasing operational and regulatory risks of keeping large volumes of old data. As cyber…

Cybersecurity

Four Takeaways from the SEC’s Proposed Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Julie M. Riewe, Charu Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta February 16, 2022

On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. Many of the proposals follow…

CCPA

CCPA Enforcement Update: California AG Announces a New Enforcement Sweep Targeting Customer Loyalty Programs

By: David Sarratt, Christopher S. Ford and HJ Brehmer January 31, 2022

On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating…

Announcement

Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data

By: Luke Dembosky, Avi Gesser and Michael R. Roberts January 7, 2022

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently…

Artificial Intelligence

Webcast – Cybersecurity and AI Whistleblowers

By: Avi Gesser, Anna Gressel, Jyotin Hamid and Maeve O'Connor December 15, 2021

On December 16, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group were joined by Maeve O’Connor and Jyotin Hamid of our Commercial Litigation Group for a special…

Artificial Intelligence

Increased Focus by Federal Regulators on AI and Consumer Protection in the Financial Sector

By: Courtney M. Dankworth, Avi Gesser, Gregory Lyons, James Amler, Caroline Novogrod Swett, Frank Colleluori, Adrian Gonzalez, Anna Gressel and Alexandra Mogul November 10, 2021

As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications…

Cybersecurity

Six Takeaways from Debevoise’s SEC Cybersecurity Year in Review 2021

By: Julie M. Riewe, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta November 5, 2021

On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists,…

Artificial Intelligence

Cybersecurity and AI Whistleblowers: Unique Challenges and Strategies for Reducing Risk

By: Avi Gesser, Anna Gressel, Corey Goldstein and Michael Pizzi November 1, 2021

Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”). First, on October 28, 2021, New York…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…

CCPA

The State of State Law Cybersecurity Requirements

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Alexandra P. Swain, Suchita Mandavilli Brundage and Parker Eudy September 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…