On July 19, the White House Office of the National Cyber Director (“ONCD”) announced a request for information on cybersecurity regulatory harmonization and regulatory reciprocity (the “Request”). The Request is one of many initiatives arising out of the National Cybersecurity Strategy Implementation Plan released earlier this year, and reflects the White House’s understanding that too many regulators are operating…

On August 17, 2023, we published an article on Board Responsibility for AI Risk Oversight with Directors & Boards, covering: The promises and risks of AI adoption; The rapidly evolving regulatory landscape; Application of the Caremark standard to AI risks; Overlap of AI and ESG risks; Board responsibility for AI oversight; Awareness of critical AI uses and risks; Understanding resource…

Key takeaways from June and July include: Data transfers to the U.S.: Businesses may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S. Data Privacy Framework, assess whether they are eligible to self-certify and, if they are, whether it makes sense to do so. Interplay between data protection and competition law: Businesses with high market…

The White House has certainly been true to its word on pushing forward on cyber. In July 2023, following the release of the Biden Administration’s (“the Administration”) National Cybersecurity Strategy (the “Strategy”), the Administration announced its Implementation Plan, detailing initiatives to execute the Strategy. Following that, the White House Office of the National Cyber Director (“ONCD”) announced a request for…

In June, the Aspen Institute hosted a fireside chat with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (“CISA”), to discuss current developments in cybersecurity and how the government is responding. Aligned with the White House’s National Cybersecurity Strategy released earlier this year and the May 2021 Executive Order on Improving the Nation’s Cybersecurity, Easterly discussed CISA’s security by…

On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed rules (the “Proposed Rules”) that would require broker-dealers and investment advisers (collectively, “firms”) to evaluate their use of predictive data analytics (“PDA”) and other covered technologies in connection with investor interactions and to eliminate or neutralize certain conflicts of interest associated with such use. The Proposed Rules…

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the Final Rules, and changes from the Proposing Release,[1] in our July 27, 2023 update. In this companion update, we discuss key takeaways across three areas for issuers to consider: Disclosure…

U.S. state privacy continues to be at the forefront of legislative and policymaking activity. Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act (“MHMDA”) deserves closer attention due to its breadth as well as its novel—and potentially onerous—provisions. This post highlights key aspects of the MHMDA with a focus on net-new provisions that…

On July 10, 2023, the European Commission adopted with immediate effect an adequacy decision for the EU-U.S. Data Privacy Framework (the “DPF”). The decision enables businesses in Europe to transfer personal data to DPF-certified U.S. businesses without having to implement additional data protection safeguards. In this Debevoise Data Blog post, we explain the DPF’s scope and operation, discuss implications for…

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused on cybersecurity regulation with a growing universe of rules aimed at different types of SEC registrants, including: (i) its proposed cybersecurity rules for registered investment advisers and funds and market entities,…