On March 15, 2024 from 11:00 am – 12:00 pm (EDT), Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie Thomas from our Data Strategy and Security and Banking Groups will host the next installment of our Data Security Webcast, where we will delve into the Commodity Futures Trading Commission’s (“CFTC”) notice of proposed rulemaking for an operational resilience framework for…

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of Form 8-K requires U.S. public companies to disclose material cybersecurity incidents. We have been tracking Form 8-K filings under the new SEC requirements since the rules went into effect on…

On February 28, 2024, President Biden issued an Executive Order (the “Order”) designed to protect the “sensitive personal data” of Americans from “exploitation” by “countries of concern” or related “covered persons.” Concurrently, the Department of Justice (“DOJ”) released an Advance Notice of Proposed Rulemaking (“Advance Notice”), detailing potential definitions for key terms not defined in the Order, discussing the potential…

Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their data subject access request processes easy to navigate, the Dutch data protection authority fined Uber €10 million for, amongst other failings: (i) not specifying to drivers how long it retained…

On 18 March 2024 at 15:00 UK, Avi Gesser and Martha Hirst from the Debevoise Data Strategy and Security Group, in conjunction with the AI UK 2024 symposium, presented on the regulatory developments, and associated governance risks, relating to AI use. The presentation included practical guidance that can support businesses’ ability to use AI agilely within a developing regulatory landscape.…

Registered investment advisers (“RIAs”) have swiftly embraced AI for investment strategy, market research, portfolio management, trading, risk management, and operations.  In response to the exploding use of AI across the securities markets, Chair Gensler of the Securities and Exchange Commission (“SEC”) has declared that he plans to prioritize securities fraud in connection with AI disclosures and warned market participants against…

Almost a year after it initially published its White Paper on AI Regulation (the “AI White Paper”) and launched its associated consultation, the UK government has published its consultation response (the “AI Response Paper”). The AI Response Paper confirms the current government’s intention to take a “pro-innovation” approach to AI regulation, leaving individual regulators to supervise the use of AI…

We recently highlighted the need for companies to manage risks associated with the adoption of AI technology, including the malicious use of real-time deepfakes (i.e., AI-generated audio or video that impersonates a real person). In this article, we address three AI-related insider risks that warrant special attention by corporate compliance departments (i.e., insider deepfakes, barrier evasion, and model manipulation) and…

On February 14, 2024, Deputy Attorney General Lisa O. Monaco announced an initiative within the U.S. Department of Justice to ramp up the detection and prosecution of crimes perpetrated through artificial intelligence (AI) technology, including seeking harsher sentences for certain AI-assisted crimes. Monaco also announced a new effort to evaluate how the Department can best use AI internally to advance…

On Friday, February 9, 2024, from 11:00-11:30 AM Eastern, Eric Dinallo of the Insurance Regulatory Group, and Avi Gesser and Sharon Shaji of the Data Strategy & Security Group, are hosting a discussion on the NYDFS Proposed AI Insurance Circular Letter that was released on January 17, 2024, which sets out detailed requirements for insurance companies operating in New York…