Adding to the growing number of cybersecurity incident reporting obligations, the Cybersecurity and Infrastructure Security Agency (“CISA”) has introduced a reporting requirement that will impact all critical infrastructure sectors, featuring…
Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…
As we approach the end of the year, here are the Top 10 SEC cyber posts on the Debevoise Data Blog in 2023 by page views. If you are not…
Key takeaways from November include: AI Regulation: Businesses utilizing AI in the EU, particularly those in healthcare and generative AI, should keep in mind that European authorities and regulators continue…
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2023 by page views. If you are not already…
On November 7, 2023, the profilic ransomware group AlphV (a/k/a “BlackCat”) reportedly breached software company MeridianLink’s information systems, exfiltrated data and demanded payment in exchange for not publicly releasing the…
As will be discussed in our November 28, 2023 webcast, on November 1, 2023, the New York Department of Financial Services (“NYDFS” or the “Department”) announced the adoption of the…
On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) issued its 2024 Examination Priorities (the “2024 Priorities”). The 2024 Priorities reflect the Commission’s continued scrutiny of information security and…
The White House has certainly been true to its word on pushing forward on cyber. In July 2023, following the release of the Biden Administration’s (“the Administration”) National Cybersecurity Strategy…
On June 28, 2023, the New York Department of Financial Services (“NYDFS”) announced its Revised Proposed Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500 (the “Revised Amendment” or…