On March 24, 2022, Utah enacted a comprehensive consumer privacy law, the Utah Consumer Privacy Act (“UCPA”). The UCPA, effective on December 31, 2023, is largely consistent with other comprehensive state privacy laws, but includes several key differences. The UCPA is set to be reviewed by the attorney general who must submit a report to the legislature by July 1,…

On April 21, 2022 , Avi Gesser of Debevoise’s Data Strategy & Security Group spoke at Cybersecurity Docket’s Incident Response Forum Masterclass 2022. The panel was on “Incident Response: State of Play” and included a small group of peers at other law firms as well as Todd Renner, Senior Managing Director, FTI Consulting. To view an on-demand version of the…

Today, it is widely accepted that most large organizations benefit from maintaining a written cybersecurity incident response plan (“CIRP”) to guide their responses to cyberattacks.  For businesses that have invested heavily in artificial intelligence (“AI”), the risks of AI-related incidents and the value of implementing an AI incident response plan (“AIRP”) to help mitigate the impact of AI incidents are…

On April 19, 2022, Kristin Snyder and Charu Chandrasekhar of Debevoise’s White Collar & Regulatory Defense Group, and Avi Gesser and HJ Brehmer of Debevoise’s Data Strategy & Security Group hosted a webcast on the Securities and Exchange Commission’s activity with respect to cybersecurity thus far in 2022. Topics included: How issuers, registered investment advisers, and funds can prepare for…

As more businesses adopt artificial intelligence (AI), directors on many corporate boards are starting to consider their oversight obligations. Part of this interest is related to directors’ increasing focus on Environmental, Social and Governance (ESG) issues. There is a growing recognition that, for all its promise, AI can present serious risks to society, including invasion of privacy, carbon emissions and…

Artificial intelligence (AI) is becoming part of the core business operations at many companies. This widespread adoption of AI has led to a proliferation of corporate “ethical AI” principles and programs, as companies seek to ensure that they are using AI fairly and responsibly, and in a manner consistent with the growing expectations of customers, employees, investors, regulators, and the…

On December 7, 2021, Anna Gressel and Jim Pastore from Debevoise’s Data Strategy and Security and Commercial Litigation Groups participated in the third edition of the “The Athens Roundtable on Artificial Intelligence and the Rule of Law,” the premier international, multi-stakeholder gathering on artificial intelligence, legal systems, and functions, regulatory compliance, and the rule of law. Anna and Jim hosted a…

On March 24, 2022, the Hedge Fund Law Report published an article on the recently proposed cybersecurity rules for investment advisers and registered investment funds, which featured an interview with Avi Gesser, Co-Chair of the Debevoise Data Strategy and Security Practice:   SEC Proposes Cyber Risk Management Rules for Advisers The article discusses the following aspects of the proposal: Rationale for…

On Tuesday, March 22, Anna Gressel and Avi Gesser from our Data Strategy and Security Group and Tigist Kassahun of our M&A and Corporate IP practices hosted a timely discussion on emerging issues around contracting, diligence, and oversight of third-party data and artificial intelligence (AI) models. The webinar addressed: Regulatory and liability issues related to oversight of third-party data and AI models,…

A recent FTC settlement is the latest example of a regulator imposing very significant costs on a company for artificial intelligence (“AI”) or privacy violations by requiring them to destroy algorithms or models. As companies invest millions of dollars in big data and AI projects, and regulators become increasingly concerned about the risks associated with automated decision-making (e.g., privacy, bias,…