On Tuesday, November 28 Avi Gesser, Erez Liebermann and Stephanie Thomas of the Debevoise Data Strategy and Security group hosted a webcast that examined the final amendments to Cybersecurity Regulation, 23 NYCRR Part 500, announced by the NYDFS on November 1, 2023. They discussed what changes made it into the final version, and the implications that the final rules have for…
Key takeaways from October include: Employee monitoring: Following new guidance issued by the UK ICO, employers may want to review their existing employee monitoring to ensure it meets the regulator’s latest expectations, including ensuring that any monitoring is necessary, proportionate, and conducted transparently. Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on…
On November 16, 2023, the Committee on Professional Responsibility and Conduct for the State Bar of California (“COPRAC”) provided initial recommendations regarding use of generative AI by lawyers (the “Guidance”). The Guidance uses the existing Rules of Professional Conduct as a framework, but recognizes that generative AI is a rapidly evolving technology that might necessitate new regulation and rules in…
On Thursday, December 7th, 8:10-8:55 AM (ET), Robert Maddox will speak on a virtual panel entitled “Incident Response in Europe: State of Play.” To learn more about the conference please click here. To register for free, please click here and contact us for the Debevoise registration code. Incident Response Forum Europe 2023 is a unique, one-day conference that brings together…
On November 7, 2023, the profilic ransomware group AlphV (a/k/a “BlackCat”) reportedly breached software company MeridianLink’s information systems, exfiltrated data and demanded payment in exchange for not publicly releasing the stolen data. While this type of cybersecurity incident has become increasingly common, the threat actor’s next move was less predictable. AlphV filed a whistleblower tip with the U.S. Securities and…