On July 14, 2023, California Attorney General Rob Bonta announced a California Consumer Privacy Act (“CCPA”) enforcement sweep focused on large California employers’ compliance with the CCPA’s requirements applicable to the personal information of employees and job applicants. This is a clear signal that the Attorney General will not wait to pursue enforcement of these provisions, even though the California…

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) announced its Revised Proposed Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500 (the “Revised Amendment” or “June 2023 Amendment”), which reflects revisions made by the NYDFS as a result of comments it received on its Initial Proposed Second Amendment released in November 2022 (the “Initial Amendment”…

On Friday, July 7th, 2023, Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, and Stephanie Thomas hosted a webcast that examined the Revised Proposed 2nd Amendment to the Part 500 Cybersecurity Rules released by the New York Department of Financial Services and discussed what changes were made, what still needs fixing, and the implications that the new draft may have…

On June 22, 2023, Robert Maddox, International Counsel, and Tristan Lockwood, Associate, delivered the latest instalment of the Debevoise London insurance industry webinar series, focusing on the European Union’s Digital Operational Resilience Act and what it means for the Insurance Sector. Topics included: The history and context of DORA; Management obligations and the role of the Board; Incident reporting, operational…

On April 19, 2023, the New York Attorney General (the “NYAG”) published new guidance (the “Guide”) recommending security measures for companies entrusted with consumers’ personal information. The Guide supplements the reasonable safeguards already outlined in the New York Shield Act, which, in part, requires covered entities to maintain reasonable security measures when handling personal information related to New York residents.…

Over the past three years, we have observed many companies in a wide range of sectors adopt Artificial Intelligence (“AI”) applications for a host of promising use cases. In some instances, however, those efforts have ended up being less valuable than anticipated—and in a few cases, were abandoned altogether—because certain risks associated with adopting AI were not properly considered or…

On Tuesday, June 13, 2023 Eric Dinallo of the Insurance Regulatory Group and Avi Gesser and Stephanie Thomas of the Data Strategy & Security Group hosted an informative discussion on the revised regulations that were released on May 26, 2023 for the Colorado AI Insurance law. Topics included: Removal of many of the documentation requirements; Focus on external data; Limiting…

On May 10−12, 2023, the National Association of Attorneys General (the “NAAG”) held its Spring 2023 Consumer Protection Conference to discuss the intersection of consumer protection issues and technology. During the portion of the conference that was open to the public, panels featuring federal and state regulators, private legal practitioners, and industry experts discussed potential legal liabilities and consumer risks…

Key takeaways this May include: Facial recognition: Businesses, including those with no presence in the EEA, face continued challenges in establishing GDPR-compliant facial recognition technology after the French CNIL fined Clearview AI an additional € 5.2 million for failing to comply with its previous order against the company. GDPR individuals’ rights: Businesses should look to two new CJEU decisions on…