The business-to-business (“B2B”) and human resources (“HR”) exemptions to the California Consumer Privacy Act (“CCPA”) have been extended for a full year, and will now expire no sooner than January 1, 2022 – and a further one-year extension seems likely. The B2B and HR exemptions have thus far permitted businesses to omit these types of data from their CCPA compliance…

We have recently written about the persistence of the three most common cyber attacks: Ransomware, Phishing and Business Email Compromises (BECs), and the increased regulatory scrutiny that companies face when they fall victim to these attacks. Two recent developments demonstrate that credential stuffing is yet another serious cybersecurity risk that is on the rise and has the attention of regulators. First,…

As businesses and government offices ramp up their on-site operations, they are turning to smartphone applications to help keep track of the health status of persons entering their buildings. In this Part 1 of our two-part blog post on back-to-work apps, we provide a checklist of issues to consider for health questionnaires.  In Part 2, we will do the same…

Reproduced with permission. Published Sept. 10, 2020. Copyright 2020 The Bureau of National Affairs, Inc. 800-372-1033. For further use, please visit http://www.bna.com/copyright-permission-request/ There’s been dramatic growth in the role lawyers play in cybersecurity. When we started practicing in the area of artificial intelligence, we heard many of the same questions that we faced about cybersecurity years ago: What do the…

August proved to be another busy month for data protection developments in Europe, fuelled in part by the aftermath of the Court of Justice of the European Union’s (“CJEU”) decision in the “Schrems II” case. Enforcement The most noteworthy GDPR enforcement-related developments from August include: Marriott indicates potentially significant decrease in anticipated ICO fine. The ICO had announced in July…

We’ve noticed that people seemed more determined than usual this year to really unplug during their vacations. That was no doubt a healthy reaction to months of pandemic-related stress. For those who took some true summer downtime, and anyone else who’d find a roundup useful – here are some quick notes on how the world of data strategy and security…

On August 27, 2020, Vincent Pitaro of the Hedge Fund Law Report published: Debevoise Attorneys Discuss AI Regulation With of FINRA’s Office of Financial Innovation.  The article summarizes our discussion with Mr. Workie on: FINRA’s Office of Financial Innovation and its report on AI Common uses of AI in the securities industry Regulatory and reputational risks associated with AI How…

The widespread criticism, and partial abandonment, of the algorithm that was used to evaluate UK students serves as useful reminder that corporate AI programs carry significant regulatory and reputational risks, and that careful planning, testing and governance are needed throughout the process to mitigate those risks. Background In March, due to the pandemic, UK authorities canceled the exams that students…

Competition v Privacy Competition and consumer authorities are increasingly considering the implications of digital platforms’ ownership and use of consumer data and whether concerns about harm to privacy are indicative of a lack of competition. For a long time the orthodoxy in the EU had been that competition authorities were sensitive to the possible issues of data concentration, but, equally,…

As we have discussed in recent webinars and blog posts, the New York Department of Financial Services has recently brought its first enforcement action under its cybersecurity rules (23 N.Y.C.R.R. Part 500).  When the NYDFS cyber rules were first enacted in 2017, they were widely regarded as the most comprehensive cybersecurity regulation in the United States. Almost all insurance companies…