Debevoise Data Blog – Page 3

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Rick Sofield, Johanna Skrzypczyk and Mengyi Xu May 28, 2025

All eyes are on the DOJ Bulk Sensitive Data Rule (28 C.F.R. Part 202), and July 8, 2025, when the recently announced good-faith safe harbor expires. The rule, which the Department of Justice now refers to as the Data Security Program (the “DSP”), creates a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data…

Financial Services Industry Petitions the SEC for a Rulemaking to Amend the Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule

By: Erez Liebermann, Benjamin R. Pedersen, John Jacob, Stephanie Thomas and Cindy Tu May 27, 2025

Debevoise’s Data Strategy and Security group recently assisted five leading financial services industry trade associations in preparing a joint rulemaking petition in response to the Securities and Exchange Commission’s (“SEC”) cybersecurity disclosure rule. The rule was adopted in July 2023 to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incidents. Debevoise worked with the American Bankers Association,…

AI Risk Management Part 1 – Optimizing Human Review of AI Content and Decisions

By: Avi Gesser, Matt Kelly, Michael Bloom and Sharon Shaji May 22, 2025

Artificial intelligence (“AI”) is improving, but even the best models still can hallucinate, miscite, and miscalculate. The primary strategy for managing these and other risks associated with AI deployment is human review, also known as putting a “human-in-the-loop.” Here are various measures that we have seen businesses use to optimize human review of AI decisions and AI-generated content and ways…

Europe’s Regulatory Approach to AI in the Insurance Industry

By: Avi Gesser, Clare Swirski, Martha Hirst and Dominic O'Leary May 21, 2025

The insurance industry has been an early adopter of AI systems, which are reshaping how insurers assess risk, underwrite policies, detect fraud, engage with customers, and conduct their internal business operations. Insurers are increasingly leveraging AI to streamline operations, reduce claims processing times, and gain deeper insights into consumer behaviour. Common AI use cases for insurers include: using advanced machine…

Lessons for AI Risk Management from Ten Years of Cybersecurity Implementation

By: Charu A. Chandrasekhar, Avi Gesser, Matt Kelly and Andreas Constantine Pavlou May 14, 2025

As AI adoption continues to increase, businesses are looking for familiar risk management protocols for AI governance. One obvious governance framework to use is cybersecurity, which is another area where rapid technological change has required businesses to quickly adapt to complex challenges. Because of the similarities between cybersecurity and AI risk (e.g., both are relatively new to many businesses, tech-driven,…