Debevoise Data Blog – Page 25

Robert Maddox to Speak at Incident Response Forum Europe 2024

By: Robert Maddox October 8, 2024

On Thursday, October 17th, at 10:40-11:25 AM (ET), Robert Maddox will speak on a virtual panel entitled “Ransomware in Europe: Best Practices and Pitfalls for Corporates and Other Organizations.” To learn more about the conference please click here. To register for free, please click here and use the code DEBEVOISE24EU Incident Response Forum Europe 2024 is a unique, one-day conference that brings together…

Good AI Vendor Risk Management Is Hard, But Doable

By: Avi Gesser, Matt Kelly, Johanna Skrzypczyk, Tigist Kassahun, Jarrett Lewis and Joshua A. Goland September 26, 2024

As companies slowly ramp up the depth and breadth of their AI adoption, one of the most difficult challenges they face is managing third-party risk. Most companies contemplating AI adoption will look to third-party vendors to provide AI-enabled products or services for their businesses. Companies often struggle when deciding what diligence to perform for these vendors and how to mitigate…

ICO Dawn Raids: How to respond and what you can do to prepare – An FAQ

By: Robert Maddox and Aisling Cowell September 25, 2024

In the UK, unannounced inspections of businesses’ premises, or “dawn raids”, are most often associated with authorities such as the Serious Fraud Office, National Crime Agency, Competition and Markets Authority and Metropolitan Police. However, data controllers and processers should be aware that the UK’s Information Commissioner’s Office (“ICO”) can also carry out dawn raids as part of investigations into compliance…

DOJ Updates Guidance on Corporate Compliance Programs to Include AI Risk Management

By: Helen V. Cantwell, Avi Gesser, Andrew M. Levine, David A. O'Neil, Winston M. Paes, Jane Shvets, Douglas Zolkind and Erich O. Grosz September 25, 2024

On September 23, 2024, the U.S. Department of Justice updated its guidance to federal prosecutors related to the “Evaluation of Corporate Compliance Programs” (the “ECCP”).[1] This revision, the first since March 2023, addresses how companies manage risks associated with new and emerging technology, including artificial intelligence, and expands on preexisting guidance regarding employee reporting channels, whistleblower protection, post-acquisition compliance integration,…

European Data Protection Roundup – August 2024

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Deniz Tanyolac, Oliver Binns, Anna Chirniciuc, Olivia Halderthay and Samuel Thomson September 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., following Uber’s move away from relying on the standard contractual clauses (“SCCs”) in 2021. Businesses may wish to assess their own cross-border data transfer…