Key takeaways from September include: UK-US data bridge: From 12 October 2023, UK businesses will be able to transfer personal data to certain US organisations certified under a UK-specific extension to the EU-U.S. Data Privacy Framework, without additional GDPR safeguards; AI Foundation Models: Consumers and developers of AI Foundation models (“FMs”) should take care to ensure they respect existing data…

On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) issued its 2024 Examination Priorities (the “2024 Priorities”). The 2024 Priorities reflect the Commission’s continued scrutiny of information security and operational resiliency at registrants and the risks posed by third-party service providers, as well as new attention to artificial intelligence and other forms of so-called emerging financial technology. Information Security…

As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations, including the EU and UK GDPR. In this blog post, we outline eight questions businesses may want to ask when developing or adopting new Generative AI tools or when considering…

On September 21, 2023, the Colorado Division of Insurance (the “DOI”) released its Final Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models (the “Final Regulation”). As discussed below, the Final Regulation (which becomes effective on November 14, 2023) reflects several small changes from the previous version of…

Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest arising in light of the Spanish AEPD’s €5,000 fine for related failures; Automated decision-making: Businesses need not disclose the algorithms used in automated decision-making in response to data subject access requests,…

After years of deliberation, the UK passed its long-awaited Online Safety Bill (the “OS Bill”). It imposes content moderation requirements on certain online platforms and service providers to address illegal and harmful content. The OS Bill reflects a recent trend to scrutinise online platforms’ and service providers’ operations, particularly their interaction with children. For example, the UK ICO has made…

Earlier this month, staff at the California Privacy Protection Agency (the “Agency” or “CPPA”) put forward Draft Cybersecurity Audit Regulations (“the Draft”) for the CPPA Board’s consideration. While the Agency has yet to begin formal rulemaking, the Draft suggests an ambitious role for the Agency in setting cybersecurity norms for entities covered by the CCPA and echoes requirements found elsewhere…

On Tuesday, September 19, the partners in the Debevoise Data Strategy and Security group — Charu Chandrasekhar, Luke Dembosky, Avi Gesser, and Erez Liebermann — provided a CLE on the latest cybersecurity threats and regulatory developments, as well as tips for lawyers on how to prepare for and respond to cyber incidents. This webinar satisfied the new requirement of 1…

Data Strategy & Security partner Erez Liebermann and international counsel Robert Maddox will join the Financial Times Cyber Resilience Summit on September 21 in Lausanne, Switzerland, where they will lead a workshop examining Cyber Incident Response from all angles, alongside Luke Tenery of StoneTurn. Facilitators from Debevoise & Plimpton and StoneTurn will guide attendees through an interactive cybersecurity incident, highlighting…