The following scenario is no longer science fiction: An employee receives an email from the CEO asking her to join a video call. The CEO directs the employee to send confidential documents to a third party. The request is unusual, but the employee saw the CEO with her own eyes, so she complies. It turns out, however, that it was…

As we approach the end of the year, here are the Top 10 posts on the Debevoise FinReg and FinTech Blog in 2023. If you are not already a Blog subscriber, click here to sign up. 1. Basel III Endgame Proposal Released Over Dissent (July 28, 2023) After several years of anticipation, the Federal Reserve Board (“FRB”), Federal Deposit Insurance Corporation…

On December 19, 2023, the Federal Trade Commission (the “FTC”) announced a complaint and a proposed stipulated order against a large drugstore chain (the “Company”) in connection with the Company’s alleged unfair use of facial recognition technology in retail stores to identify persons who had previously engaged in shoplifting or other wrongful activities (the “Action”). The Action provides a roadmap…

As we approach the end of the year, here are the Top 10 SEC cyber posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. 1. SEC Adopts New Cybersecurity Rules for Issuers (July 28, 2023) On July 26, 2023, the SEC adopted the long-anticipated final…

Key takeaways from November include: AI Regulation: Businesses utilizing AI in the EU, particularly those in healthcare and generative AI, should keep in mind that European authorities and regulators continue to stress pre-existing obligations relating to AI in technology-neutral regulations, notwithstanding the recently reached political agreement on the EU AI Act; Employee monitoring: Businesses with employees in France should be…

As we approach the end of the year, here are the Top 10 Webcasts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. 1. NYDFS Cybersecurity Final Amendments (November 28, 2023) In this webcast, we examined the final amendments to Cybersecurity Regulation, 23 NYCRR Part 500,…

As we approach the end of the year, here are the Top 10 Artificial Intelligence (“AI”) posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. 1. Overview of Global AI Regulatory Developments and Some Tips to Reduce Risk (May 3, 2023) In April 2023, the European Parliament…

As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. 1. A Summary of the Final Amendments to the NYDFS Cyber Rules (November 14, 2023) On November 1, 2023, the New York…

On December 19, 2023, Erez Liebermann and Martha Hirst from the Debevoise Data Strategy and Security Group hosted the first in a series of webcasts in connection with the release of our inaugural Cybersecurity Desk Guide for Counsel. They were joined by special guests Kelly Harris (Global Head of Cyber Legal at UBS) and Dan Sutherland (Director and Associate General…

The SEC’s new cybersecurity rules for public companies became effective on December 18, 2023. The rules require disclosure of a cybersecurity event within four business days of a determination that it is material.  They also provide that such disclosure may be delayed for up to 30 days if the United States Attorney General (or per DOJ guidelines, the Attorney General’s authorized…