November 1, 2024 marked the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”). In Part One of this Debevoise Data Blog post series, we discussed the Part 500 requirements that came into effect on November 1, 2024. In this Part Two, we look…

Developers of artificial intelligence (“AI”) systems notched a victory last week when a federal judge dismissed claims under the Digital Millennium Copyright Act (“DMCA”) premised on the use of copyrighted works in AI training data, holding that the plaintiffs had failed to show any concrete harm and therefore lacked standing to bring their claims.  Raw Story Media, Inc. v. OpenAI…

The Department of Justice (“DOJ”) has moved ahead with its effort to protect Americans’ sensitive personal data and U.S. government data from exploitation by countries of concern or related covered persons, issuing a Notice of Proposed Rulemaking (the “Proposal”) that closely tracks its earlier Advance Notice of Proposed Rulemaking (the “Advance Notice”). The Advance Notice had been released in February concurrently…

On October 22, 2024, the U.S. Department of Justice (“DOJ”) announced that The Pennsylvania State University (“Penn State”), a public university in University Park, Pennsylvania, agreed to pay $1.25 million to resolve allegations that it violated the False Claims Act (the “FCA”). Specifically, Penn State allegedly failed to meet cybersecurity requirements in federal government contracts, misrepresented compliance timelines and plans,…

On November 8th, Avi Gesser, Luke Dembosky, Erez Lieberman, and Charu Chandrasekhar from the Debevoise Data Strategy and Security Group discussed the recent NYDFS Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI. The webcast provided a deeper dive into the topics covered in our recent blog post including: The cybersecurity-related AI risks that companies…