Debevoise Data Blog – Page 42

The SEC’s 2024 Examination Priorities: Continued Scrutiny of Cybersecurity Policies and Procedures

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Kristin Snyder, Erez Liebermann, Matt Kelly and Mengyi Xu October 18, 2023

On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) issued its 2024 Examination Priorities (the “2024 Priorities”). The 2024 Priorities reflect the Commission’s continued scrutiny of information security and operational resiliency at registrants and the risks posed by third-party service providers, as well as new attention to artificial intelligence and other forms of so-called emerging financial technology. Information Security…

Eight GDPR Questions when Adopting Generative AI

By: Avi Gesser, Robert Maddox, Friedrich Popp and Martha Hirst October 10, 2023

As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations, including the EU and UK GDPR. In this blog post, we outline eight questions businesses may want to ask when developing or adopting new Generative AI tools or when considering…

The Final Colorado AI Insurance Regulations: What’s New and How to Prepare

By: Avi Gesser, Erez Liebermann, Eric Dinallo, Matt Kelly, Corey Goldstein, Stephanie Thomas, Samuel J. Allaman and Basil Fawaz October 3, 2023

On September 21, 2023, the Colorado Division of Insurance (the “DOI”) released its Final Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models (the “Final Regulation”). As discussed below, the Final Regulation (which becomes effective on November 14, 2023) reflects several small changes from the previous version of…

European Data Protection Roundup – August 2023

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Stephanie Thomas, Tristan Lockwood, Melissa Muse, Melyssa Eigen, Maria Epishkina and David Z. Rochelle September 27, 2023

Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest arising in light of the Spanish AEPD’s €5,000 fine for related failures; Automated decision-making: Businesses need not disclose the algorithms used in automated decision-making in response to data subject access requests,…

UK Online Safety Bill Passed – An FAQ

By: Robert Maddox, Martha Hirst and Allegra De Lorenzo September 26, 2023

After years of deliberation, the UK passed its long-awaited Online Safety Bill (the “OS Bill”). It imposes content moderation requirements on certain online platforms and service providers to address illegal and harmful content. The OS Bill reflects a recent trend to scrutinise online platforms’ and service providers’ operations, particularly their interaction with children. For example, the UK ICO has made…