On January 18, 2022, Avi Gesser from our Data Strategy and Security Group spoke at a webcast for the Risk Management Association on complying with shrinking breach notification deadlines. The program included information about revising incident response plans and other tips from the front lines including information regarding: 36 Hour breach notification obligations and how they apply to banks; Which…

The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to protect their systems.  As a result, cybersecurity best practices have evolved to include not only preventative measures, but also robust preparations for responding to cyber incidents, so that companies can…

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and enforcement priorities. Despite a number of recent judicial defeats that have significantly hampered the FTC’s ability to obtain: (1) injunctive relief when purported violative behavior is not ongoing; and (2)…

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently disclosed critical vulnerability in the widely used, open-source Java logging package, Log4j (CVE-2021-44228), and other subsequently announced related vulnerabilities, which is reportedly being “widely exploited” by attackers and “poses a…

In June 2020, Debevoise’s Data Strategy and Security practice group launched the Debevoise Data Blog, where we regularly publish our insights on developments and trends in cybersecurity, artificial intelligence, and privacy. In a recent ranking of legal technology blogs, the Debevoise Data Blog was ranked #9 (out of 45) based on traffic volume, social media followers, domain authority, and content…

The Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”)—enshrined in the California Privacy Rights Act (“CPRA”)—take effect on January 1, 2023.  In addition, the Colorado Privacy Act (“ColoPA”) takes effect on July 1, 2023.  These developments have companies understandably concerned about complying with a patchwork of state laws. How can companies prepare? Diligently…

On December 16, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group were joined by Maeve O’Connor and Jyotin Hamid of our Commercial Litigation Group for a special installment of our Data Security Webcast on artificial intelligence (AI) and cybersecurity whistleblowers. While AI helps companies generate value, it also produces a variety of risks and ethical issues. During…

On December 7, 2021, the New York Department of Financial Services (“DFS”) released new guidance on multifactor authentication (“MFA”), indicating that it is increasing its review of MFA during examinations, with a particular emphasis on probing for the common MFA failures discussed below. The DFS issued the Guidance in response to rising cybersecurity threats and exploitation by threat actors of…

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications for companies that process data within China as, once adopted, they will implement the country’s three-pillar data protection regime framework:  the Cybersecurity Law (“CSL”); the Data Security Law (“DSL”); and…

On November 10, 2021, Avi Gesser and Anna Gressel from Debevoise’s Data Strategy and Security Group shared their insights as part of a World Bank panel on FinTech and Racial Equity, moderated by Kiril Nejkov of the International Finance Corporation. Avi and Anna, along with co-panelists Kareem Saleh of Fairplay AI and Tatiana Campello of Demarest, highlighted how artificial intelligence…