Mengyi Xu – Page 3 – Debevoise Data Blog

NYDFS

NYDFS Proposed Significant Changes to Its Cybersecurity Rules

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Charu A. Chandrasekhar, HJ Brehmer, Michelle Huang and Mengyi Xu August 1, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24-hour notification for cyber ransom…

Artificial Intelligence

New Automated Decision-Making Laws: Four Tips for Compliance

By: Avi Gesser, Robert Maddox, Anna Gressel, Mengyi Xu, Samuel J. Allaman and Andres S. Gutierrez June 25, 2022

With the widespread adoption of artificial intelligence (“AI”) and other complex algorithms across industries, many business decisions that used to be made by humans are now being made (either solely…

SEC

The SEC’s New Risk Alert Warns about the Use of Alternative Data

By: Andrew J. Ceresney, Avi Gesser, Julie M. Riewe, Kristin Snyder, Jonathan R. Tuttle, Charu A. Chandrasekhar and Mengyi Xu May 2, 2022

On April 26, 2022, the Division of Examinations (“EXAMS”) of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert titled “Investment Adviser MNPI Compliance Issues” (“Risk Alert”) on…

Automated Decision Making

China Publishes New Draft Regulations on Data Security

By: Luke Dembosky, Avi Gesser, Mark Johnson, Philip Rohlik, Ralph Sellar, Johanna Skrzypczyk, Martha Hirst, Mengyi Xu and Eva Yue Niu December 9, 2021

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released the draft “Network Data Security Management Regulations” (the “Draft Regulations”) for public comment. The Draft Regulations have major implications…

Artificial Intelligence

Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence

By: Avi Gesser, Anna Gressel and Mengyi Xu October 14, 2021

On September 7, 2021, the Board of the International Organization of Securities Commissions (“IOSCO”) issued a final report entitled “The Use of Artificial Intelligence and Machine Learning by Market Intermediaries…

Enforcement

Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations

By: Avi Gesser, Charu A. Chandrasekhar, Eric Silverberg, Mengyi Xu and Adrian Gonzalez September 20, 2021

As part of our ongoing series on enforcement actions by the Securities and Exchange Commission (“SEC”) in data- and cybersecurity-related matters (here, here, and here), we have been closely tracking…

Enforcement

The Latest Round of SEC Cybersecurity Enforcement Actions Targets MFA Deficiencies, Inadequate Policies, and Misleading Breach Notifications

By: Avi Gesser, Jim Pastore and Mengyi Xu September 1, 2021

On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a)…

Automated Decision Making

Effective Access Controls, Timely Breach Notification, and Other Takeaways from the Latest NYDFS Cyber Resolution

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Johanna Skrzypczyk, Christopher S. Ford, Parker Eudy and Mengyi Xu April 15, 2021

On April 14, 2021, the New York State Department of Financial Services (the “DFS”) announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by…

Cybersecurity

The SEC’s Cybersecurity Priorities for Registered Investment Advisers – Looking Back to Anticipate the Road Ahead

By: Jim Pastore, Avi Gesser, Luke Dembosky, Jeremy Feigelson, Mengyi Xu and Tricia Reville March 11, 2021

Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. Today, we’re taking a deeper dive into one aspect of those priorities: cybersecurity as it…

Litigation

Court Chips Away at Privilege Protections for Cyber Forensic Reports

By: Jim Pastore, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Corey Goldstein and Mengyi Xu January 14, 2021

On January 12, Judge James Boasberg of the U.S. District Court for the District of Columbia granted plaintiff Guo Wengui’s motion to compel production of a report (the “Report”)—and related…