U.S. state privacy continues to be at the forefront of legislative and policymaking activity. Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act…
On July 14, 2023, California Attorney General Rob Bonta announced a California Consumer Privacy Act (“CCPA”) enforcement sweep focused on large California employers’ compliance with the CCPA’s requirements applicable to…
Last month, we wrote about how many companies probably need a policy for Generative AI tools like ChatGPT, Bard and Claude (which we collectively refer to as “ChatGPT”). We discussed…
On March 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) released a suite of proposed new rules (the “Proposed Rules”) that include: Proposed new cybersecurity rules for broker-dealers,…
On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the…
Risk assessments are a critical component of a robust cybersecurity program. To benchmark their risk assessments and cybersecurity maturity reviews, companies often look to recognized industry standards such as the…
ChatGPT is an AI language model developed by OpenAI that was released to the public in November 2022 and already has millions of users. While most people were initially using…
On February 1, 2023, the Colorado Attorney General (“COAG”) held a public hearing as part of its rulemaking process for the Colorado Privacy Act (“ColoPA”). Ahead of the hearing, the…
The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the Practising Law Institute’s 2023 edition of the Privacy Law Answer Book, a user-friendly guide to the laws and…
On January 10, 2023, the Financial Industry Regulatory Authority (“FINRA”) published its 2023 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”), which is intended to provide member firms…