Earlier this month, staff at the California Privacy Protection Agency (the “Agency” or “CPPA”) put forward Draft Cybersecurity Audit Regulations (“the Draft”) for the CPPA Board’s consideration.  While the Agency has yet to begin formal rulemaking, the Draft suggests an ambitious role for the Agency in setting cybersecurity norms for entities covered by the CCPA and echoes requirements found elsewhere…

On Tuesday, September 19, the partners in the Debevoise Data Strategy and Security group — Charu Chandresekhar, Luke Dembosky, Avi Gesser, and Erez Liebermann — provided a CLE on the latest cybersecurity threats and regulatory developments, as well as tips for lawyers on how to prepare for and respond to cyber incidents. This webinar satisfied the new requirement of 1…

Data Strategy & Security partner Erez Liebermann and international counsel Robert Maddox will join the Financial Times Cyber Resilience Summit on September 21 in Lausanne, Switzerland, where they will lead a workshop examining Cyber Incident Response from all angles, alongside Luke Tenery of StoneTurn. Facilitators from Debevoise & Plimpton and StoneTurn will guide attendees through an interactive cybersecurity incident, highlighting…

On July 19, the White House Office of the National Cyber Director (“ONCD”) announced a request for information on cybersecurity regulatory harmonization and regulatory reciprocity (the “Request”). The Request is one of many initiatives arising out of the National Cybersecurity Strategy Implementation Plan released earlier this year, and is reflective of White House’s understanding that too many regulators are operating…

On August 17, 2023, we published an article on Board Responsibility for AI Risk Oversight with Directors & Boards, covering: The promises and risks of AI adoption The rapidly evolving regulatory landscape Application of the Caremark standard to AI risks Overlap of AI and ESG risks Board responsibility for AI oversight Awareness of critical AI uses and risks Understanding resource…