Debevoise Data Blog – Page 41

A Late Winter Blizzard of SEC Cybersecurity Rulemaking: the Proposed BD Cybersecurity Rules and Expanded Reg S-P and Reg SCI Obligations

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Charu A. Chandrasekhar, Sheena Paul, Suchita Mandavilli Brundage, Michael R. Roberts, Mengyi Xu and Ned Terrace March 20, 2023

On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers, security-based swap dealers, major security-based swap participants, transfer agents, a variety of market infrastructure providers (national securities exchanges, clearing agencies, and security-based swap data repositories), and securities SROs (collectively, “Market…

The Challenges That AI Poses for Data Minimization

By: Avi Gesser, Mengyi Xu, Michael Pizzi and Jackie Dorward March 17, 2023

We have written several times about the need for companies to reduce the amount of data that they collect and to get rid of old data. Data minimization lowers the legal, cybersecurity and privacy risks associated with companies having lots of confidential information that they do not need stored on their systems or with their vendors. But just as many…

National Cybersecurity Strategy (Part 1): The White House Urges Private and Public Action

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Michael R. Roberts, Mengyi Xu, Noah L. Schwartz, Stephanie Thomas, Jarrett Lewis and Jacob Hochberger March 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018. The Strategy positions cybersecurity very clearly as a critical national security issue and builds on the Administration’s issuance of the May 2021…

Preparing for the SEC’s Cybersecurity Rules for Registered Investment Advisers, Registered Investment Companies, and Business Development Companies

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Julie M. Riewe, Kristin Snyder, Charu A. Chandrasekhar, Suchita Mandavilli Brundage and Jarrett Lewis March 13, 2023

In February 2022, the SEC proposed its first-ever cybersecurity rules for registered investment advisers (“RIAs”) (including RIAs to private funds) and Funds (which include registered investment companies (“RICs”) and closed-end funds that have elected to be treated as business development companies (“BDCs”) under the Investment Company Act), which we previously discussed here. The SEC has indicated that it plans to…

Privacy by Design: Insights from the UK ICO’s Product Design Forum

By: Robert Maddox, Stephanie Thomas, Maria Epishkina and Maria Santos March 8, 2023

On 23 February 2023, the UK ICO hosted its latest privacy forum in a series aimed at helping product designers and managers incorporate “privacy by design” or “data protection by design and by default” principles into their work. Presenters from a wide range of sectors, including from the ICO, offered practical guidance that may help companies better understand current market practice,…