Debevoise Data Blog – Page 34

Updating the Safeguards Rule: FTC Touts Proposed Changes at Virtual Workshop

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Suchita Mandavilli Brundage and Marissa MacAneney August 7, 2020

On July 13, 2020, the Federal Trade Commission (“FTC”) hosted a virtual workshop on its proposed changes to the Standards for Safeguarding Customer Information (“Safeguards Rule”). The workshop followed up on the FTC’s 2019 notice of proposed rulemaking requesting public comment on its proposal to amend the Safeguards Rule. The workshop was intended to provide a forum to explore “the…

European Data Protection Round Up – July 2020

By: Robert Maddox, Christopher Garrett, Fanny Gauthier, Friedrich Popp, Martha Hirst, Luke Dembosky, Jeremy Feigelson, Avi Gesser and Jim Pastore August 6, 2020

July was a busy month for data protection in the EU and UK. While the long-awaited Schrems II decision captured the most headlines, data protection authorities (“DPAs”) and Member State courts have been busy too. We cover here some of the highlights, ranging from a €16.7m fine in Italy – the fourth largest GDPR penalty to date – to court…

Webcast – Artificial Intelligence and Consumer Protection Risks – A Discussion with Andrew Smith, Director of the FTC’s Bureau of Consumer Protection

By: Avi Gesser and Anna Gressel August 6, 2020

On August 6, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, had an insightful conversation about the FTC’s recent guidance on Using Artificial Intelligence and Algorithms, including: The FTC’s enforcement authority related to AI and automated decision-making technologies, including…

Schrems II – Where are we now?

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Friedrich Popp, Christopher Garrett, Fanny Gauthier, Robert Maddox and Mengyi Xu August 4, 2020

As covered in our previous blog post, the CJEU has invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data from the EU to the U.S. (the “Schrems II” decision) and cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (“SCCs”) to transfer EU personal data to the U.S., or to other…

Webcast – Artificial Intelligence Regulation in the Securities Industry – A Discussion with Haimera Workie of FINRA’s Office of Financial Innovation

By: Avi Gesser and Anna Gressel July 23, 2020

On July 23, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Haimera Workie, the Head of Financial Innovation and Senior Director of FINRA’s Office of Financial Innovation, had an insightful conversation about FINRA’s recent report on Artificial Intelligence in the Securities Industry, including: How AI and machine learning are currently…

First Enforcement Action by New York DFS Under Its Cyber Rules Shows Where Companies Face Regulatory Risk – Six Quick Takeaways

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Lisa Zornberg, Zila Reyes Acosta-Grimes, Michael Bloom, Christopher S. Ford and Mengyi Xu July 22, 2020

The New York State Department of Financial Services (“DFS”) issued a Statement of Charges and Notice of Hearing (the “Charges”) earlier today against First American Title Insurance Company (“First American”) for multiple violations of the DFS Part 500 Cybersecurity Regulation (the “Regulation”), including: Failure to perform an adequate risk assessment Failure to maintain proper access controls Failure to provide adequate security…

Schrems II: Privacy Shield Invalid and Severe Challenges for Standard Contractual Clauses

By: Friedrich Popp, Robert Maddox, Christopher Garrett, Fanny Gauthier, Jeffrey P. Cunard, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Thomas Schürrle, Alexandre Bisch and Anna Gressel July 16, 2020

Today the Court of Justice of the European Union (CJEU), the EU’s highest court, invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data. The CJEU’s decision also cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (SCCs) to transfer EU personal data to the U.S., or to other jurisdictions with similarly…

GDPR Enforcement Keeps Getting Tougher: Google LLC Loses Appeal In France Against €50 Million Fine

By: Jeremy Feigelson, Fanny Gauthier and Sara Ewad July 9, 2020

France’s supreme court for administrative matters, the Council of State (Conseil d’Etat), has upheld the €50 million fine imposed on Google LLC by the French data protection authority, the Commission Nationale Informatique et Libertés (the “CNIL”), for breaches of the General Data Protection Regulation (the “GDPR”). Google LLC is the California-based, Delaware-incorporated entity that serves as the main Google operating…

Webcast – Safeguarding Employees’ Credentials and Preventing Unauthorized Access to Sensitive Data Stored in the Cloud and on Employees’ Personal Devices

By: Avi Gesser and Mengyi Xu July 7, 2020

On July 7, 2020, Avi Gesser and Mengyi Xu from Debevoise’s Data Strategy & Security Group, along with their special guests, Luke Tenery and Joe Shepley of Ankura, had a insightful discussion on how companies can identify and reduce the risks associated with employee credential security, including: Making sure that furloughed and departing employees do not have access to confidential…

Business Email Compromise: Who Bears the Loss?

By: Jeremy Feigelson and Taryn Elliott July 6, 2020

In a recent blog post discussing business email compromise (“BEC”) schemes, we shared tips for preventing and responding to these incidents in remote work environments. This week, Bloomberg Law has posted Part Two of our series on BECs, which relates to the allocation of losses that often result from successful BEC attacks. In this installment, we discuss an emerging legal…