Overview Companies responding to data breaches are faced with the question of whether their incident response investigation is protected by attorney-client privilege or attorney work-product doctrine.  The issue primarily relates to whether reports generated by an incident response firm may be protected from discovery in U.S. litigation, but other communications may also be at risk in discovery if the work…

On August 20, 2025, Colorado’s Division of Insurance (the “Division”) adopted final amendments to its regulation on the Governance and Risk Management Framework Requirements for certain insurers that use external consumer data and information sources (“ECDIS”), algorithms, and predictive models that use ECDIS (“Models”) (the “Amended Regulation”). The Amended Regulation builds on the 2023 rule that directed governance, risk management,…

In a recent episode of the Afternoon Cyber Tea with Ann Johnson, Erez Liebermann, Debevoise Data Strategy and Security partner and Co-Chair of the firm’s Technology Group, joined Ann Johnson of Microsoft to discuss how legal and security teams can work as true strategic partners. He shared practical insights on aligning compliance with business priorities, building trust across functions, and…

Over the past several months, we have observed a significant increase in AI adoption among our clients. In this Debevoise Data Blog post, we provide five reasons why some businesses are accelerating their use of AI and eight factors that impact whether those efforts succeed. A. Five Reasons Why Businesses Are Accelerating AI Adoption AI Is Pretty Good Now and…

In recent blog posts, we provided a quick guide on which AI models should be used for which legal tasks (e.g., research vs. writing vs. image generation). We will be updating that post later this week in light of the release of GPT-5. We also wrote about how to use the various AI model features (e.g., Deep Research, Canvas, Custom…