On Friday, May 12, 2023, Eric Dinallo of our Insurance Regulatory Group and Avi Gesser and Suchita Brundage of our Data Strategy & Security Group hosted an informative discussion on ChatGPT and other Generative AI policies for insurance companies. This webcast covered: Various approaches to adopting Generative AI, including bans, licenses, and pilot programs; Examples of generally permitted and generally…

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. Updated EU “One-Stop Shop” guidance: Non-EEA established businesses may want to revisit their breach notification procedures after…

Luke Dembosky, Erez Liebermann and Jim Pastore have been named to Cybersecurity Docket’s “Incident Response 50” list for 2023. The list recognizes the “50 best incident response legal and compliance professionals in the industry” and is described by Cybersecurity Docket as the top 50 incident response attorneys and compliance professionals who not only have the right credentials and experience to…

With last week’s political deal in European Parliament to advance the European Union’s groundbreaking AI Act (the “EU AI Act”), Europe is one step closer to enacting the world’s first comprehensive AI regulatory framework. Yet while the EU is poised to become the first jurisdiction to take this step, other countries are not far behind. In recent months, the U.S.,…

Key takeaways this March include: Fairness in AI: Businesses utilising AI may want to assess fairness principles in accordance with the latest UK ICO guidance, which includes clarification around AI design and use; Notification timelines: Businesses may want to revisit their incident response plans to ensure they envisage breach notifications being made even when investigations remain ongoing; Data Processing Agreements:…

Debevoise & Plimpton LLP announced today that Matthew Kelly has joined the firm’s New York office as counsel and a member of its award-winning Data Strategy & Security Group. Mr. Kelly will help lead the Group’s AI advisory work, an area where the firm is a recognized market-leader according to a recent feature in The American Lawyer, and advise on complex, high-impact cybersecurity matters,…

Back in November 2022, we highlighted the enactment of the EU’s Digital Operational Resilience Act (“DORA”) that will impose far-reaching operational resilience requirements and Board oversight requirements on almost all financial services firms regulated in the EU – including banks, insurers, payment services providers, crypto asset custodians, fund managers, among many others.  DORA also regulates critical service providers that, for…

Agenda recently interviewed Avi Gesser on the legal risks associated with generative AI tools, whether company boards need AI experts, and which board committee should be responsible for overseeing AI risk and compliance. Here are some of the relevant quotes: “AI has lots of beneficial commercial uses, but it can also create reputational risks, operational risk, and legal risks. For…

Following recent enforcement action by the UK Prudential Regulation Authority (“PRA”) against Wyelands Bank, which was partly based on its failure to retain business-related messages exchanged by senior executives and directors, regulated firms may want to review how they handle employees’ use of personal devices for work purposes. The PRA strongly criticised Wyelands’ lack of record-keeping policies and procedures to…

The New York City Department of Consumer and Worker Protection (the “DCWP”) has adopted final rules (the “Final Rules”) regulating the use of artificial intelligence for hiring practices. The DCWP’s Automated Employment Decision Tool Law (the “AEDT Law” or the “Law”) requires covered employers to conduct annual independent bias audits and to post public summaries of those results. To recap,…