Debevoise Data Blog – Page 44

European Data Protection Roundup – June & July 2023

By: Robert Maddox, Friedrich Popp, Martha Hirst, Aisling Cowell, Tristan Lockwood, Maria Epishkina, Maria Santos and Sergej Bräuer August 16, 2023

Key takeaways from June and July include: Data transfers to the U.S.: Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to. Interplay between data protection and competition law: Businesses with high market…

National Cybersecurity Strategy (Part 2): The White House Targets Threat Actors and Urges International Partnerships

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Michael R. Roberts, Noah L. Schwartz, Stephanie Thomas, Jarrett Lewis and Jacob Hochberger August 15, 2023

The White House has certainly been true to its word on pushing forward on cyber. In July 2023, following the release of the Biden Administration’s (“the Administration”) National Cybersecurity Strategy (the “Strategy”), the Administration announced its Implementation Plan, detailing initiatives to execute the Strategy. Following that, the White House Office of the National Cyber Director (“ONCD”) announced a request for…

Security by Design and Default: CISA Looks to Drive Changes in Manufacturer Responsibility, Consumer Education and Private-Public Information Sharing

By: Luke Dembosky, Erez Liebermann and Stephanie Thomas August 14, 2023

In June, the Aspen Institute hosted a fireside chat with Jen Easterly, Director of the Cybersecurity Infrastructure Security Agency (“CISA”) to discuss current developments in cybersecurity and how the government is responding. Aligned with the White House’s National Cybersecurity Strategy released earlier this year and the May 2021 Executive Order on Improving the Nation’s Cybersecurity, Easterly discussed CISA’s security by…

SEC Proposes Rule to Eliminate or Neutralize Conflicts of Interest in the Use of “Predictive Data Analytics” Technologies

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Avi Gesser, Robert B. Kaplan, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Matt Kelly, Gary Murphy, Sheena Paul, Jarrett Lewis, Catherine Morrison and Mengyi Xu August 14, 2023

On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed rules (the “Proposed Rules”) that would require broker-dealers and investment advisers (collectively, “firms”) to evaluate their use of predictive data analytics (“PDA”) and other covered technologies in connection with investor interactions and to eliminate or neutralize certain conflicts of interest associated with such use. The Proposed Rules…

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the Final Rules, and changes from the Proposing Release,[1] in our July 27, 2023 update. In this companion update, we discuss key takeaways across three areas for issuers to consider: Disclosure…