All eyes are on the DOJ Bulk Sensitive Data Rule (28 C.F.R. Part 202), and July 8, 2025, when the recently announced good-faith safe harbor expires.  The rule, which the Department of Justice now refers to as the Data Security Program (the “DSP”), creates a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data…

Debevoise’s Data Strategy and Security group recently assisted five leading financial services industry trade associations in preparing a joint rulemaking petition in response to the Securities and Exchange Commission’s (“SEC”) cybersecurity disclosure rule. The rule was adopted in July 2023 to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incidents. Debevoise worked with the American Bankers Association,…

Artificial intelligence (“AI”) is improving, but even the best models still can hallucinate, miscite, and miscalculate.  The primary strategy for managing these and other risks associated with AI deployment is human review, also known as putting a “human-in-the-loop.”  Here are various measures that we have seen businesses use to optimize human review of AI decisions and AI-generated content and ways…

The insurance industry has been an early adopter of AI systems, which are reshaping how insurers assess risk, underwrite policies, detect fraud, engage with customers, and conduct their internal business operations. Insurers are increasingly leveraging AI to streamline operations, reduce claims processing times, and gain deeper insights into consumer behaviour.  Common AI use cases for insurers include: using advanced machine…

As AI adoption continues to increase, businesses are looking for familiar risk management protocols for AI governance.  One obvious governance framework to use is cybersecurity, which is another area where rapid technological change has required businesses to quickly adapt to complex challenges. Because of the similarities between cybersecurity and AI risk (e.g., both are relatively new to many businesses, tech-driven,…