Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and…
On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…
As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications…
On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists,…
On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown…
On October 8, 2021, Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice and Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group, held an engaging…
Almost everyone working in cybersecurity compliance is aware that each U.S. state has its own set of breach notification requirements. What is less known is that many of these states…
On 1 July 2021,[1] Federal Law No. 236-FZ on the Internet Activities of Foreign Entities in the Russian Federation (the “Law”)[2] came into force, requiring establishment of local presence, such…
Our three previous articles in this series on the future of AI regulation have discussed the RFI on AI issued by U.S. banking regulators, the draft EU AI regulation, and…
In our first post in this series on the future of AI regulation, we discussed the recent request for information (“RFI”) from U.S. federal banking regulators on the use of…