Regulation – Page 7 – Debevoise Data Blog

Artificial Intelligence

Why Ethical AI Initiatives Need Help from Corporate Compliance

By: Bruce Yannett, Avi Gesser, Douglas Zolkind, Anna Gressel and Adele Stichel April 4, 2022

Artificial intelligence (AI) is becoming part of the core business operations at many companies. This widespread adoption of AI has led to a proliferation of corporate “ethical AI” principles and…

Cybersecurity

SEC Proposes Cyber Risk Management Rules for Advisers – The Hedge Fund Law Report Article

By: Avi Gesser March 30, 2022

On March 24, 2022, the Hedge Fund Law Report published an article on the recently proposed cybersecurity rules for investment advisers and registered investment funds, which featured an interview with…

Cybersecurity

Four Takeaways from the SEC’s Proposed Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Julie M. Riewe, Charu A. Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta February 16, 2022

On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. Many of the proposals follow…

CISA

SEC Cybersecurity Update: Chair Gensler Offers Insight into Upcoming Regulation

By: Avi Gesser, Charu A. Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta January 25, 2022

On January 24, 2022, SEC Chair Gary Gensler gave a speech on cybersecurity rulemaking to the Annual Securities Regulation Institute, outlining a number of key points he expects the SEC…

Cybersecurity

Webcast – Complying with the 36-Hour Breach Notification Rule for Banks and Other Short Deadlines – Revising Incident Response Plans and Tips from the Front Lines

By: Avi Gesser January 24, 2022

On January 18, 2022, Avi Gesser from our Data Strategy and Security Group spoke at a webcast for the Risk Management Association on complying with shrinking breach notification deadlines. The…

Cybersecurity

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

By: Luke Dembosky, Avi Gesser, Ted Hassi, Jim Pastore, Paul D. Rubin, Johanna Skrzypczyk, Christopher S. Ford, Leah Martin and Melissa Runsten January 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and…

Announcement

Banking Regulators Finalize 36-Hour Data Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Satish Kini, Gregory Lyons, Johanna Skrzypczyk, Christopher S. Ford, Alexandra Mogul and Erik Rubinstein November 23, 2021

On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…

Artificial Intelligence

Increased Focus by Federal Regulators on AI and Consumer Protection in the Financial Sector

By: Courtney M. Dankworth, Avi Gesser, Gregory Lyons, James Amler, Caroline Novogrod Swett, Frank Colleluori, Adrian Gonzalez, Anna Gressel and Alexandra Mogul November 10, 2021

As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications…

Cybersecurity

Six Takeaways from Debevoise’s SEC Cybersecurity Year in Review 2021

By: Julie M. Riewe, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta November 5, 2021

On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists,…

Regulation

China Passes the Personal Information Protection Law

By: William Y. Chua, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Edwin Northover, Jim Pastore, Emily Lam, Philip Rohlik, Johanna Skrzypczyk and Tingting Wu October 11, 2021

On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”).1 The PIPL will take effect on November 1, 2021.2 A breakdown…