Debevoise Data Blog – Page 26

DOJ Updates Guidance on Corporate Compliance Programs to Include AI Risk Management

By: Helen V. Cantwell, Avi Gesser, Andrew M. Levine, David A. O'Neil, Winston M. Paes, Jane Shvets, Douglas Zolkind and Erich O. Grosz September 25, 2024

On September 23, 2024, the U.S. Department of Justice updated its guidance to federal prosecutors related to the “Evaluation of Corporate Compliance Programs” (the “ECCP”).[1] This revision, the first since March 2023, addresses how companies manage risks associated with new and emerging technology, including artificial intelligence, and expands on preexisting guidance regarding employee reporting channels, whistleblower protection, post-acquisition compliance integration,…

European Data Protection Roundup – August 2024

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Deniz Tanyolac, Oliver Binns, Anna Chirniciuc, Olivia Halderthay and Samuel Thomson September 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., following Uber’s move away from relying on the standard contractual clauses (“SCCs”) in 2021. Businesses may wish to assess their own cross-border data transfer…

Erez Liebermann to speak at the Director-Executive Summit

By: Erez Liebermann September 12, 2024

On November 14-15, 2024, the University of Texas School of Law and McCombs School of Business will host a groundbreaking event limited to public company directors and C-suite executives — the Director-Executive Summit. Debevoise partner Erez Lieberman will be moderating the Cybersecurity panel, which is scheduled for the morning of Friday, November 15. To learn more about the event, please click here.…

European Data Protection Roundup – July 2024

By: Robert Maddox, Friedrich Popp, Stephanie Thomas, Joshua Plastrik, Theo Wilson, Barney Lynock and Deniz Tanyolac August 27, 2024

Our top five European data protection developments from July are: EU AI guidance: Businesses should consider reviewing their AI policies and practices following guidance from the French CNIL and the Irish DPC recommending that businesses conduct AI risk assessments and prepare AI policies and procedures, alongside the EDPB’s statement supporting the appointment of DPAs as the national authorities responsible for…

The EU’s Draft NIS2 Regulations: Appropriate ICT Security Measures and Serious Incident Reporting

By: Robert Maddox and Martha Hirst August 12, 2024

The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the “NIS2 Regulation”). Once finalised, the regulation will apply from 18 October 2024 in line with member states’ deadline for NIS2 implementation. NIS2: a recap The second Network and Information Systems…