Debevoise Data Blog – Page 3

European Data Protection Roundup – October

By: Luke Dembosky, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst, Diana Moise and Jesse Hope November 1, 2021

European Data Protection Roundup – October 2021 Key takeaways this October include: Liability for excessive security footage: The need to ensure security systems are configured appropriately to minimise the scope of video and audio footage captured, after an English court found a homeowner’s use of popular smart cameras violated the UK General Data Protection Regulation (“GDPR”). Subject access requests: The…

Cybersecurity and AI Whistleblowers: Unique Challenges and Strategies for Reducing Risk

By: Avi Gesser, Anna Gressel, Corey Goldstein and Michael Pizzi November 1, 2021

Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”). First, on October 28, 2021, New York State amended its Labor Law to dramatically increase whistleblower protections. This brings New York in line with a small but growing number of states, including New Jersey, with very broad…

Webcast – Practical Tips on Managing AI Risks in the Insurance Sector

By: Avi Gesser and Anna Gressel October 28, 2021

On Wednesday, November 3, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group joined guests Liz Grennan, Doug McElhaney and Alex Singla of McKinsey, for a special installment of our Data Security Webcast on managing AI risks in the insurance sector. While artificial intelligence (AI) helps companies generate value, it also produces a variety of risks and…

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 26, 2021

This is Part 2 in a two-part series of articles about facial recognition laws in the United States. In Part 1, we discussed how current legislation addresses facial recognition. In this part, we assess where the law seems to be heading and offer some practical risk reduction strategies. I. Proposed U.S. Federal and State Legislation There is currently no federal…

Data Portal Update: Debevoise Launches Groundbreaking Suite of Data Tools for Cybersecurity and AI

By: Avi Gesser October 21, 2021

Debevoise’s Data Strategy & Security practice has launched its Debevoise Data Portal. The Portal, which had been in beta testing since June 2020 with a select group of users, is now available for subscription. The Portal consists of a groundbreaking suite of tools that helps clients address business critical data security issues: The Cyber Breach Notification Assessment Tool: Allows subscribers…

Webcast – The SEC’s Cybersecurity Year in Review 2021: Disclosures, Enforcement, and More

By: Julie M. Riewe, Christopher S. Ford and HJ Brehmer October 20, 2021

On November 2, 2021, Julie Riewe of Debevoise’s White Collar & Regulatory Defense Group and Christopher Ford and HJ Brehmer of Debevoise’s Data Strategy & Security Group hosted an engaging webcast on the Securities and Exchange Commission’s enforcement actions, guidance, and proposed rule-making in 2021. Topics included: The SEC’s proposed cybersecurity disclosure and reporting requirements; Key takeaways from the SEC’s…

Face Forward: Strategies for Complying with Facial Recognition Laws

By: Jeremy Feigelson, Avi Gesser, Johanna Skrzypczyk, Anna Gressel and Andres S. Gutierrez October 19, 2021

Part 1: The Current Patchwork Two huge crosscurrents are sweeping the world of facial recognition—and moving head-on into each other. Companies are eagerly adopting facial recognition tools to better serve their customers, reduce their fraud risks, and manage their workforces. Meanwhile, legislatures and privacy advocates are pushing back hard. They challenge facial recognition as inherently overreaching, invasive of privacy, and…

Six Quick Cybersecurity Takeaways from SEC Speaks 2021

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Charu Chandrasekhar, HJ Brehmer and Matthew C. Rametta October 14, 2021

On October 13, the annual Securities and Exchange Commission Speaks seminar concluded with presentations from the Examination, Enforcement, and Investment Management divisions. As SEC regulated entities (including publicly traded companies, investment advisers, and broker-dealers) look to 2022, they should keep the following key cybersecurity takeaways in mind: Continued Focus on Corporate Governance. The Associate Director of the Division of Examination’s…

Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence

By: Avi Gesser, Anna Gressel and Mengyi Xu October 14, 2021

On September 7, 2021, the Board of the International Organization of Securities Commissions (“IOSCO”) issued a final report entitled “The Use of Artificial Intelligence and Machine Learning by Market Intermediaries and Asset Managers” (the “Report”), which aims to assist IOSCO members in supervising their regulated entities over the use of AI and ML. While non-binding, the Report is likely to…

European Data Protection Roundup – September

By: Luke Dembosky, Avi Gesser, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst and Diana Moise October 12, 2021

European Data Protection Roundup – September 2021 Key takeaways this September include: Transparency: The importance of providing individuals sufficient information to enable them to understand how their personal data is used and shared, following the Irish Data Protection Commission’s (“DPC”) €225 million fine against WhatsApp and the Hamburg DPA’s nearly €1 million penalty against an energy company for alleged transparency…