Compliance – Debevoise Data Blog

Artificial Intelligence

Top 10 (Well, 11) Cybersecurity Blog Posts for 2024

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Gareth Hughes, Erez Liebermann, Jim Pastore, Caroline Novogrod Swett, Marshal Bozzo, Matt Kelly, Robert Maddox, Johanna Skrzypczyk, HJ Brehmer, Stephanie Cipolla, Jackie Dorward, Melyssa Eigen, Joshua A. Goland, Martha Hirst, Karen Joo, Gabriel Kohan, Jarrett Lewis, Noah L. Schwartz, Ned Terrace, Stephanie Thomas, Annabella M. Waszkiewicz, Michiko Wongso and Mengyi Xu December 10, 2024

As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…

Artificial Intelligence

CPPA Proposed Rulemaking Package Part 1 – Cybersecurity Audits

By: Avi Gesser, Matt Kelly, Johanna Skrzypczyk, HJ Brehmer, Amer Mneimneh, Ned Terrace and Mengyi Xu December 3, 2024

On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) opened the formal public comment period for its recently approved formal proposed rulemaking package for annual cybersecurity audits, automated…

Artificial Intelligence

Part 2 – Helpful Guidance on Managing (Non-Cybersecurity) AI Risks from Hong Kong’s SFC

By: Luke Dembosky, Avi Gesser, Gareth Hughes, Erez Liebermann, Matt Kelly, Emily Lam and Suchita Mandavilli Brundage November 21, 2024

In Part 1 of this series, we discussed the recent Circular and accompanying Appendix issued by Hong Kong’s Security and Futures Commission (the “SFC”) on cybersecurity risks and mitigations related…

Artificial Intelligence

Helpful Guidance on Managing AI-Related Cybersecurity Risks from Hong Kong’s SFC

By: Avi Gesser, Erez Liebermann, Luke Dembosky, Gareth Hughes, Matt Kelly, Emily Lam and Suchita Mandavilli Brundage November 18, 2024

On November 12, 2024, Hong Kong’s Security and Futures Commission (the “SFC”) issued a Circular (the “Circular”) with an accompanying appendix (the “Appendix”) setting out the SFC’s view of the…

Compliance

Part 500, One Year Later (Part Two) – Defining “Material Compliance”

By: Luke Dembosky, Avi Gesser, Erez Liebermann, Stephanie Thomas and Joshua A. Goland November 13, 2024

November 1, 2024 marked the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”).…

Compliance

Cyber Whistleblower Leads to DOJ Civil Settlement

By: Avi Gesser, Luke Dembosky, Andrew M. Levine, Erez Liebermann, Jim Pastore, Stephanie Cipolla and Michelle Shen November 4, 2024

On October 22, 2024, the U.S. Department of Justice (“DOJ”) announced that The Pennsylvania State University (“Penn State”), a public university in University Park, Pennsylvania, agreed to pay $1.25 million…

Artificial Intelligence

DOJ Updates Guidance on Corporate Compliance Programs to Include AI Risk Management

By: Helen V. Cantwell, Avi Gesser, Andrew M. Levine, David A. O'Neil, Winston M. Paes, Jane Shvets, Douglas Zolkind and Erich O. Grosz September 25, 2024

On September 23, 2024, the U.S. Department of Justice updated its guidance to federal prosecutors related to the “Evaluation of Corporate Compliance Programs” (the “ECCP”).[1] This revision, the first since…