When a company is hit by a cyber attack, normal business gives way to the chaos of managing the investigation, operational disruptions, legal issues, and communications with customers, employees, vendors,…
When drafting policies on the use of artificial intelligence, one challenge that many businesses face is how to define AI, and relatedly, when should AI governance and compliance programs apply…
On July 11, 2024, the New York State Department of Financial Services (the “NYDFS”) adopted Insurance Circular Letter No. 7 regarding the Use of Artificial Intelligence Systems and External Consumer…
Debevoise’s Data Strategy and Security group recently assisted four leading trade associations that represent the financial services industry in preparing a joint comment letter in response to the Cybersecurity and…
On October 27, 2023, the Federal Trade Commission (“FTC”) approved an amendment (“Amended Rule”) to the Standards for Safeguarding Customer Information (the “Safeguards Rule”) that will require non-banking financial institutions…
Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest…
U.S. state privacy continues to be at the forefront of legislative and policymaking activity. Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act…