On Wednesday, May 25, 2022, Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group joined Luke Tenery and Michael Costa of StoneTurn’s Cybersecurity and Incident Response Group for an engaging discussion on Artificial Intelligence Incident Response hosted by the Cybersecurity Docket. The panel discussed: Current legal, compliance, and risks relating to AI that are likely to lead…
Connecticut’s Governor signed the state’s comprehensive privacy law into effect on May 10, 2022, adding yet another category of state privacy law. The Connecticut legislature largely drew upon provisions found in existing comprehensive U.S. state privacy laws in California, Virginia, Colorado, and Utah to draft “An Act Concerning Protection of Consumer Data Privacy and Online Monitoring” (the “Connecticut Privacy Act”…
On Friday, May 20, 2022, Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group and Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice had an engaging discussion on Artificial Intelligence and Discrimination in the Insurance Industry (Part III in this series). Topics included: Regulatory developments since Part II of our discussion on Artificial Intelligence and…
On Tuesday, May 24, at 11:00am ET, please join Anna Gressel and Avi Gesser from our Data Strategy and Security Group and William D. Regner, the Deputy Chair of our Corporate Department, for a timely discussion on AI oversight considerations and best practices for corporate boards, following up on our blog post “AI Oversight Is Becoming a Board Issue”. This…
One of the most significant trends in insurance regulation involves regulators requiring insurers to demonstrate that their use of alternative data (“Big Data”) and artificial intelligence (“AI”) is not discriminatory. On April 20, 2022, the Connecticut Insurance Department (the “Department”) released a notice titled “The Usage of Big Data and Avoidance of Discriminatory Practices” (the “Notice”) addressed to all entities…
On April 26, 2022, the Division of Examinations (“EXAMS”) of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert titled “Investment Adviser MNPI Compliance Issues” (“Risk Alert”) on the use of alternative data. The Risk Alert outlines EXAMS’ recent observations on compliance deficiencies related to Section 204A of the Investment Advisers Act of 1940—including deficiencies relating to policies…
On March 24, 2022, Utah enacted a comprehensive consumer privacy law, the Utah Consumer Privacy Act (“UCPA”). The UCPA, effective on December 31, 2023, is largely consistent with other comprehensive state privacy laws, but includes several key differences. The UCPA is set to be reviewed by the attorney general who must submit a report to the legislature by July 1,…
On April 21, 2022 , Avi Gesser of Debevoise’s Data Strategy & Security Group spoke at Cybersecurity Docket’s Incident Response Forum Masterclass 2022. The panel was on “Incident Response: State of Play” and included a small group of peers at other law firms as well as Todd Renner, Senior Managing Director, FTI Consulting. To view an on-demand version of the…
Today, it is widely accepted that most large organizations benefit from maintaining a written cybersecurity incident response plan (“CIRP”) to guide their responses to cyberattacks. For businesses that have invested heavily in artificial intelligence (“AI”), the risks of AI-related incidents and the value of implementing an AI incident response plan (“AIRP”) to help mitigate the impact of AI incidents are…
On April 19, 2022, Kristin Snyder and Charu Chandrasekhar of Debevoise’s White Collar & Regulatory Defense Group, and Avi Gesser and HJ Brehmer of Debevoise’s Data Strategy & Security Group hosted a webcast on the Securities and Exchange Commission’s activity with respect to cybersecurity thus far in 2022. Topics included: How issuers, registered investment advisers, and funds can prepare for…