On November 15, 2021, President Biden signed the Infrastructure Investment and Jobs Act into law, authorizing $1.2 trillion for infrastructure spending, including approximately $2 billion for various federal cybersecurity projects. This adds to a large number of cybersecurity bills that are currently pending before Congress. In this Debevoise Data Blog post, we outline the key themes and takeaways of these…
On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Amended Rule”). This rule, promulgated pursuant to the Gramm-Leach-Bliley Act, is designed to protect the consumer data collected by non-bank financial institutions, such as mortgage lenders and brokers, “pay day” lenders, and automobile dealerships, among many…
Overview In a much anticipated decision, the UK Supreme Court has unanimously decided that a mass claim brought against Google by Mr Richard Lloyd, on behalf of a class that could include as many as 4.4 million iPhone users (the “iPhone Users”), cannot proceed, as currently constituted, as a ‘representative action’ in the English courts. The decision is the latest…
International companies doing business in China and Chinese companies doing business internationally have been awaiting clarification on the rules of the road governing the cross-border transfer of data out of China. On October 29, 2021, the Cyberspace Administration of China (“CAC”) released long-awaited Draft Measures on Outbound Data Transfer Security Assessments (the “Draft Measures”) for public comment. The Draft Measures,…
As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications of these technologies. Most recently, the Department of Justice (“DOJ”), in partnership with the Consumer Financial Protection Bureau (“CFPB”) and the Office of the Comptroller of the Currency (“OCC”), announced…
On November 8, 2021, the U.S. Department of the Treasury (“Treasury”) announced a new set of sanctions against criminal ransomware actors, the virtual currency exchange Chatex, and three companies providing material support and assistance to Chatex. By designating these entities, which have direct ties with the previously sanctioned SUEX OTC, S.R.O. (“SUEX”), Treasury is suggesting that it will continue to use…
On November 2, members of our Data Security & Strategy and White Collar & Regulatory Defense teams hosted a webcast on the SEC’s Cybersecurity Year in Review 2021. The panelists, Julie Riewe, Christopher Ford, and HJ Brehmer discussed regulatory trends regarding enforcement actions, disclosures, and proposed rulemaking, with a particular focus on notable enforcement actions from the past 12 months.…
European Data Protection Roundup – October 2021 Key takeaways this October include: Liability for excessive security footage: The need to ensure security systems are configured appropriately to minimise the scope of video and audio footage captured, after an English court found a homeowner’s use of popular smart cameras violated the UK General Data Protection Regulation (“GDPR”). Subject access requests: The…
Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”). First, on October 28, 2021, New York State amended its Labor Law to dramatically increase whistleblower protections. This brings New York in line with a small but growing number of states, including New Jersey, with very broad…
On Wednesday, November 3, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group joined guests Liz Grennan, Doug McElhaney and Alex Singla of McKinsey, for a special installment of our Data Security Webcast on managing AI risks in the insurance sector. While artificial intelligence (AI) helps companies generate value, it also produces a variety of risks and…