On February 1, 2023, the Colorado Division of Insurance (“DOI”) released its draft Algorithm and Predicative Model Governance Regulation (the “Draft AI Regulation”). The Draft AI Regulation imposes requirements on Colorado-licensed life insurance companies that use external data and AI systems in insurance practices. This release follows months of highly active engagement between the DOI and industry stakeholders, resulting in…

On Monday, February 13, 2023, Eric Dinallo and Marshal Bozzo of the firm’s Insurance Regulatory Group and Avi Gesser, Erez Liebermann and Anna Gressel of the Data Strategy and Security Group discussed the latest developments on AI insurance regulation in Colorado. This was the latest installment in Debevoise’s series of webcasts focused on developments affecting the insurance industry; it covered the following: Key…

ChatGPT is an AI language model developed by OpenAI that was released to the public in November 2022 and already has millions of users. While most people were initially using the publicly available version of ChatGPT for personal tasks (e.g., generating recipes, poems, workout routines, etc.), many have started to use it for work-related projects. In this Debevoise Data Blog…

On Tuesday, February 7th, 2023, Erez Liebermann hosted Vladimir Drinkman for a conversation about the hacks, the prosecution and Drinkman’s role now as he looks to help companies facing today’s cyber threats.  Vladimir Drinkman participated in the largest credit and debit card hacking to date. He was arrested in Amsterdam and served time after receiving a 12 year sentence. Drinkman…

On February 1, 2023, the Colorado Attorney General (“COAG”) held a public hearing as part of its rulemaking process for the Colorado Privacy Act (“ColoPA”). Ahead of the hearing, the COAG released its third draft of proposed rules (“proposed rules”) for the ColoPA. Here in Part 2 of our 2023 U.S. State Privacy Laws series, we review key components of…

Last year, yet again, saw significant GDPR enforcement actions, important regulatory guidance, and an abundance of European legislative activity touching on cyber, data protection and AI-regulatory issues. Here, we unpack five trends which defined 2022 and signal areas to watch in 2023: Increased AI regulation; Prioritization of operational resilience; Focus on children’s privacy; Continued complication in data transfers out of…

On January 26, 2022, the FBI, DOJ, and international law enforcement partners dropped a bombshell of an announcement: they had dismantled the infrastructure of one of the most prolific ransomware groups. Hive Ransomware has long been known as an extremely active group, responsible for many ransomware attacks, including against hospitals. But the full extent of the Hive network was unknown…

Our ninth annual cross-disciplinary discussion on predictions and priorities for the upcoming year took place on Tuesday, January 24, 2023, from 8:30 to 10:30 AM Eastern. Our Debevoise practice leaders shared their insights, predictions, and action items for 2023, including what companies, their boards of directors, and financial sponsors can do now to get ahead of these key issues. Avi…

On Thursday, January 12, 2023 at 3:00 PM EST Erez Liebermann spoke on a virtual panel entitled The Changing Tides of Regulation: Navigating New Regulatory Requirements and Guidance Around Cybersecurity and Ransomware. The conference’s faculty included senior government cybersecurity officials from the FBI and OFAC, and nearly two dozen other legal and consulting professionals in the field of ransomware response.…

Content generated by artificial intelligence (“AI”) continues to improve and become more convincing.  These realistic images, audio, and videos, where used for purposes of a misrepresentation or to falsely spread information, are commonly dubbed “deepfakes.”  Governments around the world are taking notice of deepfakes and beginning to respond.  As reported by the Wall Street Journal, China’s internet regulator announced rules…