On July 29, 2024, the Standing Committee on Ethics and Professional Responsibility of the American Bar Association (“ABA”) published Formal Opinion 512, providing guidance on the ethical use of generative AI tools by legal professionals (the “Opinion”). The Opinion is the latest of several similar ethical guidelines published by various state courts and bar ethics committees, including the September 2023…

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft and data subjects’ fear that their personal data had been exposed. Businesses may wish to review their policies and procedures for responding to compensation requests for non-material damage to ensure…

When drafting policies on the use of artificial intelligence, one challenge that many businesses face is how to define AI, and relatedly, when should AI governance and compliance programs apply to models that do not meet the definition of AI. Choosing a Regulatory Definition of AI One common approach is to adopt the definition that is used in a regulation…

On July 18, 2024, in the landmark SEC v. SolarWinds Corp. case, U.S. District Judge Paul Engelmayer dismissed the majority of the claims brought by the U.S. Securities and Exchange Commission (the “SEC”) against SolarWinds Corporation (“SolarWinds”), including the SEC’s previously untested claim that alleged deficiencies in SolarWinds’ cybersecurity controls amounted to violations of the internal accounting controls requirements of Section 13(b)(2)(B)…

On Friday, July 26 at 11:00am EDT, Eric Dinallo from Debevoise’s Insurance Regulatory practice joined Avi Gesser and Sharon Shaji from the firm’s Data Strategy and Security practice, for a debrief on the final version of Insurance Circular No. 7, which sets out detailed requirements for insurance companies operating in New York that use AI or external data relating to…