Enforcement – Page 4 – Debevoise Data Blog

CCPA

CCPA Enforcement Update: California AG Announces a New Enforcement Sweep Targeting Customer Loyalty Programs

By: David Sarratt, Christopher S. Ford and HJ Brehmer January 31, 2022

On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating…

Announcement

Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data

By: Luke Dembosky, Avi Gesser and Michael R. Roberts January 7, 2022

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently…

Artificial Intelligence

Webcast – Cybersecurity and AI Whistleblowers

By: Avi Gesser, Anna Gressel, Jyotin Hamid and Maeve O'Connor December 15, 2021

On December 16, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group were joined by Maeve O’Connor and Jyotin Hamid of our Commercial Litigation Group for a special…

Artificial Intelligence

Increased Focus by Federal Regulators on AI and Consumer Protection in the Financial Sector

By: Courtney M. Dankworth, Avi Gesser, Gregory Lyons, James Amler, Caroline Novogrod Swett, Frank Colleluori, Adrian Gonzalez, Anna Gressel and Alexandra Mogul November 10, 2021

As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications…

Cybersecurity

Six Takeaways from Debevoise’s SEC Cybersecurity Year in Review 2021

By: Julie M. Riewe, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta November 5, 2021

On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists,…

Artificial Intelligence

Cybersecurity and AI Whistleblowers: Unique Challenges and Strategies for Reducing Risk

By: Avi Gesser, Anna Gressel, Corey Goldstein, Michael Pizzi and Andreas Constantine Pavlou November 1, 2021

Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”). First, on October 28, 2021, New York…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…

CCPA

The State of State Law Cybersecurity Requirements

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Alexandra P. Swain, Suchita Mandavilli Brundage and Parker Eudy September 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…

Enforcement

Improved Cybersecurity Can Mitigate Sanctions Risk and Other Takeaways from the Latest OFAC Advisory on Ransomware

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Sarah Q. Smith September 23, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (the “Advisory”) on sanctions risks associated with payments to threat…

Enforcement

Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations

By: Avi Gesser, Charu A. Chandrasekhar, Eric Silverberg, Mengyi Xu and Adrian Gonzalez September 20, 2021

As part of our ongoing series on enforcement actions by the Securities and Exchange Commission (“SEC”) in data- and cybersecurity-related matters (here, here, and here), we have been closely tracking…