Debevoise Data Blog – Page 6

Debevoise Announces New Blog Dedicated to Fintech and Digital Assets

By: Avi Gesser February 3, 2022

The Banking Group of Debevoise & Plimpton LLP has launched the Debevoise Fintech Blog to help financial institutions sift through this complex legal landscape and keep abreast of developments in fintech and digital assets. The blog will cover topics spanning the fintech and digital assets regulatory landscape, including stablecoin, custody, anti-money laundering and sanctions, securities law, money transmission, capital and…

CCPA Enforcement Update: California AG Announces a New Enforcement Sweep Targeting Customer Loyalty Programs

By: David Sarratt, Christopher S. Ford and HJ Brehmer January 31, 2022

On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating customer loyalty programs. This sweep of notices follows the Attorney General’s initial round issued on July 1, 2020 and was summarized in the Attorney General’s July 2021 enforcement examples, which…

Credential Stuffing Continues: Practical Guidance to Protect Customer Information

By: Avi Gesser, Michael R. Roberts and Suchita Mandavilli Brundage January 31, 2022

In September 2020, we wrote about the risks of credential stuffing attacks following the New York Attorney General’s (NYAG) settlement with Dunkin’ Donuts. Since then, these attacks have continued, and regulators’ expectations of companies’ efforts to reduce the risk of credential stuffing attacks for their customers’ online accounts have increased. On January 5, 2022, the NYAG’s Bureau of Internet and…

Webcast – AI Benefits and Risks for the Insurance Industry: A Regulator’s View

By: Avi Gesser January 27, 2022

On January 20, 2022, Avi Gesser (Co-Chair of the Debevoise Data Strategy & Security Group), joined a panel discussion with Jon Godfread (North Dakota Insurance Commissioner and Chair of the NAIC Innovation & Technology Task Force) about current and future AI regulation for the insurance industry. Also on the panel were Howard Mills (President of the Insurance Federation of New…

SEC Cybersecurity Update: Chair Gensler Offers Insight into Upcoming Regulation

By: Avi Gesser, Charu Chandrasekhar, Christopher S. Ford, HJ Brehmer and Matthew C. Rametta January 25, 2022

On January 24, 2022, SEC Chair Gary Gensler gave a speech on cybersecurity rulemaking to the Annual Securities Regulation Institute, outlining a number of key points he expects the SEC will consider in 2022 and emphasizing the SEC’s “key role” on the federal government’s “Team Cyber.” A number of these proposed changes – including broadening the scope of existing SEC…

Webcast – Complying with the 36-Hour Breach Notification Rule for Banks and Other Short Deadlines – Revising Incident Response Plans and Tips from the Front Lines

By: Avi Gesser January 24, 2022

On January 18, 2022, Avi Gesser from our Data Strategy and Security Group spoke at a webcast for the Risk Management Association on complying with shrinking breach notification deadlines. The program included information about revising incident response plans and other tips from the front lines including information regarding: 36 Hour breach notification obligations and how they apply to banks; Which…

Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule

By: Luke Dembosky, Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Andres Gutierrez and Michelle Huang January 19, 2022

The Value of Cybersecurity Incident Response Plans As cyberattacks continue to plague U.S. companies, cybersecurity remains a core risk, even for businesses that have invested heavily in technical measures to protect their systems. As a result, cybersecurity best practices have evolved to include not only preventative measures, but also robust preparations for responding to cyber incidents, so that companies can…

A New Era of FTC Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure

By: Luke Dembosky, Avi Gesser, Ted Hassi, Jim Pastore, Paul D. Rubin, Johanna Skrzypczyk, Christopher S. Ford, Leah Martin and Melissa Runsten January 14, 2022

Companies developing Federal Trade Commission (“FTC”) compliance programs, or under investigation by the FTC’s Bureau of Consumer Protection, should be aware of significant developments impacting the Commission’s regulatory authority and enforcement priorities. Despite a number of recent judicial defeats that have significantly hampered the FTC’s ability to obtain: (1) injunctive relief when purported violative behavior is not ongoing; and (2)…

Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data

By: Luke Dembosky, Avi Gesser and Michael R. Roberts January 7, 2022

Be prepared for increasing scrutiny from the Federal Trade Commission (“FTC”) and other regulators regarding the Log4j vulnerability. The attention of the cybersecurity community has been captured by the recently disclosed critical vulnerability in the widely used, open-source Java logging package, Log4j (CVE-2021-44228), and other subsequently announced related vulnerabilities, which is reportedly being “widely exploited” by attackers and “poses a…

The Debevoise Data Blog Receives a Top Ten Ranking in Its Second Year

By: Avi Gesser and HJ Brehmer December 31, 2021

In June 2020, Debevoise’s Data Strategy and Security practice group launched the Debevoise Data Blog, where we regularly publish our insights on developments and trends in cybersecurity, artificial intelligence, and privacy. In a recent ranking of legal technology blogs, the Debevoise Data Blog was ranked #9 (out of 45) based on traffic volume, social media followers, domain authority, and content…