The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023.  In addition, the Colorado Privacy Act (“ColoPA”) takes effect on July 1, 2023.  These developments have companies understandably concerned about complying with a patchwork of state laws. How can companies prepare? Diligently…

On December 16, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group were joined by Maeve O’Connor and Jyotin Hamid of our Commercial Litigation Group for a special installment of our Data Security Webcast on artificial intelligence (AI) and cybersecurity whistleblowers. While AI helps companies generate value, it also produces a variety of risks and ethical issues. During…

On December 7, 2021, the New York Department of Financial Services (“DFS”) released new guidance on multifactor authentication (“MFA”), indicating that it is increasing its review of MFA during examinations, with a particular emphasis on probing for the common MFA failures discussed below. The DFS issued the Guidance in response to rising cybersecurity threats and exploitation by threat actors of…

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications for companies that process data within China as, once adopted, they will implement the country’s three-pillar data protection regime framework:  the Cybersecurity Law (“CSL”); the Data Security Law (“DSL”); and…

On November 10, 2021, Avi Gesser and Anna Gressel from Debevoise’s Data Strategy and Security Group shared their insights as part of a World Bank panel on FinTech and Racial Equity, moderated by Kiril Nejkov of the International Finance Corporation. Avi and Anna, along with co-panelists Kareem Saleh of Fairplay AI and Tatiana Campello of Demarest, highlighted how artificial intelligence…

The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to the laws and regulations that govern how companies collect, use, store and transfer the personal information of their consumers and employees. Edited by Debevoise partners Jeremy Feigelson, Jim Pastore, and…

The inter-agency crypto-asset policy sprint initiative has finally taken off. This morning the Federal Reserve Board, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued their first joint statement (the “Statement”) summarizing progress on a series of crypto-asset[1] policy sprints and revealing next steps. The Statement is a continuation of an…

On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that banking organizations notify their primary federal regulator within 36 hours after experiencing a material or potentially material cybersecurity event. The Final Rule will go into effect on April 1, 2022,…

On November 15, 2021, President Biden signed the Infrastructure Investment and Jobs Act into law, authorizing $1.2 trillion for infrastructure spending, including approximately $2 billion for various federal cybersecurity projects. This adds to a large number of cybersecurity bills that are currently pending before Congress. In this Debevoise Data Blog post, we outline the key themes and takeaways of these…

On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Amended Rule”).  This rule, promulgated pursuant to the Gramm-Leach-Bliley Act, is designed to protect the consumer data collected by non-bank financial institutions, such as mortgage lenders and brokers, “pay day” lenders, and automobile dealerships, among many…