On December 19, 2023, Erez Liebermann and Martha Hirst from the Debevoise Data Strategy and Security Group hosted the first in a series of webcasts in connection with the release of our inaugural Cybersecurity Desk Guide for Counsel. They were joined by special guests Kelly Harris (Global Head of Cyber Legal at UBS) and Dan Sutherland (Director and Associate General…

The SEC’s new cybersecurity rules for public companies became effective on December 18, 2023. The rules require disclosure of a cybersecurity event within four business days of a determination that it is material.  They also provide that such disclosure may be delayed for up to 30 days if the United States Attorney General (or per DOJ guidelines, the Attorney General’s authorized…

As we approach the end of the year, here are the Top 10 Privacy posts on the Debevoise Data Blog in 2023 by page views. If you are not already a Blog subscriber, click here to sign up. 1. California Privacy Protection Agency Begins CCPA Rulemaking for Cybersecurity Audits (September 20, 2023) In September 2023, staff at the California Privacy…

On 8 December 2023, after months of negotiations, the European Commission, the European Parliament and the European Council reached political agreement on the terms of the European Union Artificial Intelligence Act (the “EU AI Act” or the “Act”). We previously covered the EU legislative process behind the Act here. Importantly, the final text of the Act is not yet available,…

On Wednesday, December 13, 2023, Avi Gesser, Charu Chandrasekhar, and Michelle Huang from the Data Strategy and Security Group, and Kevin Schmidt in our Mergers & Acquisitions Group, discussed how PE firms are using AI and ways to identify and mitigate AI-related risks. Key takeaways from the discussion included answers to the following questions: How are PE firms currently using AI?…

On Thursday, January 18, 10:00-10:45 AM (ET), Erez Liebermann will speak at Incident Response Forum Ransomware 2024 on a virtual panel entitled “Ransomware Attacks: The SEC, NYDFS and Other Regulatory Trends.” To learn more about the conference please click here. To register for free, please click here and use the code DEBEVOISE118. Incident Response Forum Ransomware 2024 is a unique, one-day conference that…

On December 1, 2023 partners from our Data Strategy & Security, Securities Enforcement, and Capital Markets practices discussed practice tips to implement the SEC’s new cybersecurity rules.  Receive the full conversation on-demand HERE. For more information about the SEC cybersecurity rule, see our Debevoise Data Blog posts: SEC Adopts New Cybersecurity Rules for Issuers SEC Adopts New Cybersecurity Rules for…

On December 4, 2023, the Debevoise Data Strategy and Security Group released the inaugural edition of its Cybersecurity Desk Guide for Counsel.  The Desk Guide is a reference resource for counsel, in any size of organization, covering the many facets in which legal departments could engage with cybersecurity functions. The rapid rise of cybersecurity is a key business priority for…

As legislators and regulators around the world are trying to determine how to approach the novel risks and opportunities that AI technologies present, the draft European Union Artificial Intelligence Act (the “EU AI Act” or the “Act”) is a highly anticipated step towards the future of AI regulation. Despite recent challenges in the EU “trilogue negotiations”, proponents still hope to…

On Tuesday, November 28 Avi Gesser, Erez Liebermann and Stephanie Thomas of the Debevoise Data Strategy and Security group hosted a webcast that examined the final amendments to Cybersecurity Regulation, 23 NYCRR Part 500, announced by the NYDFS on November 1, 2023. They discussed what changes made it into the final version, and the implications that the final rules have for…