On December 7, 2021, Anna Gressel and Jim Pastore from Debevoise’s Data Strategy and Security and Commercial Litigation Groups participated in the third edition of the “The Athens Roundtable on Artificial Intelligence and the Rule of Law,” the premier international, multi-stakeholder gathering on artificial intelligence, legal systems, and functions, regulatory compliance, and the rule of law. Anna and Jim hosted a…

On March 24, 2022, the Hedge Fund Law Report published an article on the recently proposed cybersecurity rules for investment advisers and registered investment funds, which featured an interview with Avi Gesser, Co-Chair of the Debevoise Data Strategy and Security Practice:   SEC Proposes Cyber Risk Management Rules for Advisers The article discusses the following aspects of the proposal: Rationale for…

On Tuesday, March 22, Anna Gressel and Avi Gesser from our Data Strategy and Security Group and Tigist Kassahun of our M&A and Corporate IP practices hosted a timely discussion on emerging issues around contracting, diligence, and oversight of third-party data and artificial intelligence (AI) models. The webinar addressed: Regulatory and liability issues related to oversight of third-party data and AI models,…

A recent FTC settlement is the latest example of a regulator imposing very significant costs on a company for artificial intelligence (“AI”) or privacy violations by requiring them to destroy algorithms or models. As companies invest millions of dollars in big data and AI projects, and regulators become increasingly concerned about the risks associated with automated decision-making (e.g., privacy, bias,…

On March 15, 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”) into law, requiring critical infrastructure entities to report covered cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours and report ransom payments to CISA within 24 hours of payment. The Act, which was incorporated into the 2022…

On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment advisers and funds, which we discussed here, the SEC continues to prioritize cybersecurity disclosures to the marketplace, placing particular emphasis on timely and detailed disclosures of material cybersecurity incidents, as…

Since we last wrote about data minimization, there have been several regulatory developments that illustrate the increasing operational and regulatory risks of keeping large volumes of old data. As cyber threats continue to grow, and consumers gain more privacy rights over their personal data, businesses need robust data minimization programs that can significantly reduce the amount of sensitive data they…

Effective May 7, 2022, most New York employers must notify their employees of any electronic monitoring by posting a notice in the workplace. Additionally, employers must give express written notice to all new employees of any electronic monitoring the employer performs and obtain written or electronic acknowledgment of such monitoring. The law applies broadly to any employer that is an…

On February 9, 2022, the SEC released its much-anticipated proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds.  Many of the proposals follow the trends that members of the Debevoise Data Strategy & Security and White Collar & Regulatory Defense practice groups discussed during a November 2021 webcast on the SEC’s Cybersecurity Year…

On Friday, February 11, 2022, Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice and Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group, hosted Part II of their webcast on Artificial Intelligence and Discrimination in the Insurance industry. The team discussed the rapidly emerging regulatory landscape around AI and discrimination. Topics included: Regulatory developments since…