It looks like the California Attorney General’s implementing regulations for the California Consumer Privacy Act (“CCPA”) are, finally, final. On June 1, 2020, the California Attorney General submitted for publication the final proposed regulations. The California Office of Administrative Law now has 30 working days, plus an additional 60 calendar days under an Executive Order issued in connection with the…
On May 21, 2020, Avi Gesser and Luke Dembosky discussed the latest cybersecurity and privacy considerations for financial sponsors and PE-backed portfolio companies, including: The unique cybersecurity challenges facing PE firms and their portfolio companies Strategies to address the added cyber risks of remote work Current areas of regulatory focus relating to data security Managing other data-related risks, including data…
Since the start of the COVID-19 epidemic, and following the lockdown measures put in place in affected countries, the use of new communications tools by companies and their employees is booming, thus multiplying the risks of cyber threats. With remote working, some employees are also working on their personal devices, which often do not offer the same level of security…
On May 14, 2020, Vincent Pitaro published an article called “The Current State and Future of AI Regulation” in Hedge Fund Law Report, synthesizing the commentary most relevant to hedge fund managers from a recent episode of the Debevoise Data Security Webcast Series. In this Webcast, Avi Gesser and Anna Gressel, and their guest Matthew Homer, Executive Deputy Superintendent of…
Each passing week of lockdown brings mounting economic and social costs, increasing the urgency to find ways to get more people back to work safely. A large part of that effort involves the development of contact tracing applications (“apps”) for mobile phones. These apps promise to allow low-risk individuals to return to some normal activities in the near term while…
On April 21, 2020, Avi Gesser and Anna Gressel, along with our special guest, Matthew Homer, the Executive Deputy Superintendent of the New York Department of Financial Services Research and Innovation Division, discussed how companies can identify and reduce the regulatory and reputational risks associated with their AI programs, including: AI regulatory and enforcement trends Best practices for AI governance, training,…
On April 1, 2020, Luke Dembosky and Avi Gesser spoke with Justin Herring, Executive Deputy Superintendent of New York Department of Financial Services’s Cybersecurity Division, to discuss the latest cybersecurity and regulatory risks arising from remote working arrangements during the coronavirus pandemic, including: Challenges companies face due to remote working and which defenses to prioritize Increased phishing, BECs, helpdesk fraud…
The California Attorney General has released a second set of modifications to its proposed regulations implementing the California Consumer Privacy Act. We expect that companies planning their CCPA compliance programs will want to continue to map their efforts to the evolving regulations–though the serial revisions from the AG’s office do not make such mapping easy. The good news is that the…
As companies dust off their Business Continuity Plans to prepare for possible disruptions and remote working due to COVID-19, here are 10 cybersecurity considerations to add to the list of preparations: Phishing—Look out for coronavirus phishing scams. We have already seen fake CDC updates, IT alerts and software notices that attempt to obtain user credentials or install malware, so consider…
It is only February, but, so far, 2020 looks like it is going to be the year that courts and regulators look seriously at artificial intelligence (“AI”). Recent developments in both Europe and the United States provide some insight into where AI is likely to face tough scrutiny and ways to mitigate risks of using AI. On February 5, 2020,…