On June 16, Avi Gesser, Stephanie Cipolla, and special guests Art Ehuan from Crypsis and Ed Cabrera from Trend Micro discussed the hallmarks of a reasonable corporate cybersecurity program for the purposes of defending litigation or responding to regulatory inquiries, including: Technical controls (MFA, access rights, encryption, network segmentation, endpoint detection, etc.) Administrative controls (policies, procedures, training, resources, vendor management, etc.)…
Introduction Much has been written recently on the increased cybersecurity and privacy risks that companies are facing. One of the most effective ways for organizations to mitigate those risks is to significantly reduce the amount of data that they collect and maintain. Having less data means that there is less sensitive information to protect from hacks or leaks which is…
On June 9, Calvin A. Shivers, Assistant Director of the Criminal Investigative Division of the FBI, testified before the Senate Judiciary Committee regarding a variety of frauds during COVID-19, including Business Email Compromise (“BEC”) frauds and the FBI’s response. BECs are among the most successful and persistent forms of cyber attacks. Indeed, the FBI has seen increases in cyber-enabled financial…
Today, Debevoise’s Data Strategy & Security practice (DSS) is launching a Data Blog to help clients identify and respond to emerging issues, and a Debevoise Data Portal to help clients facing a breach assess and begin addressing their notification obligations within minutes of detection. We are also introducing DSS as the new name for our practice, which had been called Cybersecurity & Data…
It looks like the California Attorney General’s implementing regulations for the California Consumer Privacy Act (“CCPA”) are, finally, final. On June 1, 2020, the California Attorney General submitted for publication the final proposed regulations. The California Office of Administrative Law now has 30 working days, plus an additional 60 calendar days under an Executive Order issued in connection with the…
On May 21, 2020, Avi Gesser and Luke Dembosky discussed the latest cybersecurity and privacy considerations for financial sponsors and PE-backed portfolio companies, including: The unique cybersecurity challenges facing PE firms and their portfolio companies Strategies to address the added cyber risks of remote work Current areas of regulatory focus relating to data security Managing other data-related risks, including data…
Since the start of the COVID-19 epidemic, and following the lockdown measures put in place in affected countries, the use of new communications tools by companies and their employees is booming, thus multiplying the risks of cyber threats. With remote working, some employees are also working on their personal devices, which often do not offer the same level of security…
On May 14, 2020, Vincent Pitaro published an article called “The Current State and Future of AI Regulation” in Hedge Fund Law Report, synthesizing the commentary most relevant to hedge fund managers from a recent episode of the Debevoise Data Security Webcast Series. In this Webcast, Avi Gesser and Anna Gressel, and their guest Matthew Homer, Executive Deputy Superintendent of…
Each passing week of lockdown brings mounting economic and social costs, increasing the urgency to find ways to get more people back to work safely. A large part of that effort involves the development of contact tracing applications (“apps”) for mobile phones. These apps promise to allow low-risk individuals to return to some normal activities in the near term while…
On April 21, 2020, Avi Gesser and Anna Gressel, along with our special guest, Matthew Homer, the Executive Deputy Superintendent of the New York Department of Financial Services Research and Innovation Division, discussed how companies can identify and reduce the regulatory and reputational risks associated with their AI programs, including: AI regulatory and enforcement trends Best practices for AI governance, training,…