Big businesses, especially those with a global footprint and operating in regulated sectors, are increasingly confronted with new and diverging cyber incident reporting requirements. A single incident—even a relatively minor one—may require notification to dozens of data protection, cyber, law enforcement, and sectoral regulators around the world, in addition to insurers, customers, and counterparties. Not only do many regulatory reporting…

On May 26, 2023, the Colorado Division of Insurance (the “DOI”) released its Revised Draft Algorithm and Predictive Model Governance Regulation (the “Revised Regulation”), amending its initial draft regulation (the “Initial Regulation”), which was released on February 1, 2023. The Revised Regulation imposes requirements on Colorado-licensed life insurance companies that use external consumer data and information sources (“ECDIS”), as well…

The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way. IAPP’s Jennifer Bryant interviewed Matt Kelly on topics from changes in practice technology over the course of his legal career, to the importance of mentorship and professional relationships, to the reasons he…

On May 18, 2023 Debevoise & Plimpton hosted the Second Annual Cyber Counsel Conference. Peers on cyber legal teams gathered for a day of candid conversation, exclusive guests and lots of opportunities for networking. This year’s program brought together speakers from in-house, regulatory agencies and law enforcement: Eric Goldstein, the Deputy Director of CISA, opened the conference with a keynote…

Avi Gesser, Co-Chair of the Data Strategy & Security group spoke with host Tony Lee on SHRM’s All Things Work podcast, about where AI tools excel and where they falter when used by workers. Listen to the podcast HERE. — SHRM published an accompanying article quoting Avi, entitled “The Promise and Peril of Artificial Intelligence,” about how employers and employees…

Tracey Read at Law360 Pulse interviewed Avi Gesser, partner in the Data Strategy & Security group, on the growth of Generative AI practices at law firms. The article recognizes the Debevoise Data Strategy & Security group as one of the first movers in the space, when “[i]n early 2020 Debevoise & Plimpton LLP rebranded its cyber privacy practice — which…

On Tuesday, May 16th, 2023, Andrew Bab of the Mergers & Acquisitions and Private Equity Groups and Co-Chair of the Healthcare & Life Sciences Group, Avi Gesser of the Data Strategy & Security Group, Paul Rubin, Co-Chair of the Healthcare & Life Sciences Group and the Chair of the FDA Regulatory practice and Melissa Runsten, a corporate associate published an…

On Friday, May 12, 2023, Eric Dinallo of our Insurance Regulatory Group and Avi Gesser and Suchita Brundage of our Data Strategy & Security Group hosted an informative discussion on ChatGPT and other Generative AI policies for insurance companies. This webcast covered: Various approaches to adopting Generative AI, including bans, licenses, and pilot programs; Examples of generally permitted and generally…

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced. Updated EU “One-Stop Shop” guidance: Non-EEA established businesses may want to revisit their breach notification procedures after…

Luke Dembosky, Erez Liebermann and Jim Pastore have been named to Cybersecurity Docket’s “Incident Response 50” list for 2023. The list recognizes the “50 best incident response legal and compliance professionals in the industry” and is described by Cybersecurity Docket as the top 50 incident response attorneys and compliance professionals who not only have the right credentials and experience to…