Debevoise Data Blog – Page 9

EU Digital Operational Resilience Act (“DORA”): Incident and Cyber Threat Reporting and Considerations for Incident Response Plans

By: Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz and Michiko Wongso May 13, 2024

With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain…

The EU AI Act: While We Wait

By: Avi Gesser, Matt Kelly and Martha Hirst May 6, 2024

Despite much fanfare, and a process that seems to edge ever nearer to completion, the EU AI Act still has not been formally adopted. The Act still has to undergo a final European Council vote before it can be published in the Official Journal, 20 days after which it will be finally adopted; this is widely expected to occur sometime…

Top 10 Cybersecurity Measures for Deploying AI Systems from the NSA, FBI and CISA

By: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Stephanie Cipolla and Noah L. Schwartz May 2, 2024

The integration of artificial intelligence into companies’ business practices poses increased cybersecurity risks, which we have previously written about here. As AI systems become ubiquitous, they also become targets for cyberattacks due to their valuable data and operational significance, and because their rapid development may leave certain AI systems outside some of a company’s robust cybersecurity controls. As the U.S.…

Treasury’s Report on AI (Part 1) – Governance and Risk Management

By: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Matt Kelly, Johanna Skrzypczyk, Michelle Huang, Sharon Shaji and Annabella M. Waszkiewicz April 29, 2024

On March 27, 2024, the U.S. Department of Treasury (“Treasury”) released a report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). The Report was released in response to President Biden’s Executive Order (“EO”) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which spearheaded a government-wide effort to issue Artificial Intelligence (“AI”)…

European Data Protection Roundup – March 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Sophie Michalski, Michiko Wongso, Barney Lynock, Alexander McGinley, Deniz Tanyolac, Samuel Thomson and Alexia Turpin April 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. DPA powers to order deletion: Per a recent CJEU decision, DPAs can inquire whether personal data has been unlawfully processed and order the deletion without…

Preparing for AI Whistleblowers

By: Avi Gesser, Charu A. Chandrasekhar, Arian June, Michelle Huang, Sharon Shaji and Cooper Yoo April 24, 2024

As artificial intelligence (“AI”) use and capabilities surge, a new risk is emerging for companies: AI whistleblowers. Both increased regulatory scrutiny over AI use and record-breaking whistleblower activity has set the stage for an escalation of AI whistleblower-related enforcement. As we’ve previously written and spoken about, the risk of AI whistleblowers is rising as whistleblower protections and awards expand, internal…

Webcast – Discussion of the Treasury AI/Cyber Report

By: Erez Liebermann April 23, 2024

On April 29th, 2024, Debevoise partner Erez Liebermann were joined in conversation with Todd Conklin, the Chief Artificial Intelligence Officer and Deputy Assistant Secretary of Cyber at the U.S. Department of the Treasury. They discussed the recent report by the U.S. Department of the Treasury on “Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Sector.” If you were unable to…

Mitigating AI Risks for Customer Service Chatbots

By: Avi Gesser, Jim Pastore, Matt Kelly, Gabriel Kohan, Melissa Muse and Joshua A. Goland April 16, 2024

Online customer service chatbots have been around for years, allowing companies to triage customer queries with pre-programmed responses that addressed customers’ most common questions. Now, Generative AI (“GenAI”) chatbots have the potential to change the customer service landscape by answering a wider variety of questions, on a broader range of topics, and in a more nuanced and lifelike manner. Proponents…

Webcast – CISA Proposes Major Reporting Obligations for Critical Infrastructure

By: Luke Dembosky, Erez Liebermann, HJ Brehmer and Stephanie Thomas April 12, 2024

On April 22, 2024, Luke Dembosky, Erez Liebermann, HJ Brehmer, and Stephanie Thomas from our Data Strategy and Security Group hosted the next installment of our Data Security Webcast, where they delved into the Cybersecurity and Infrastructure Security Agency (“CISA”) notice of proposed rulemaking (“Proposed Rule”) for reporting requirements for critical infrastructure entities that experience covered cybersecurity incidents developed pursuant…

CISA Proposes Major Reporting Obligations for Critical Infrastructure

By: Avi Gesser, Luke Dembosky, Jim Pastore, Erez Liebermann, Caroline Novogrod Swett, HJ Brehmer, Gabriel Kohan, Michael R. Roberts, Stephanie Thomas and Annabella M. Waszkiewicz April 8, 2024

Adding to the growing number of cybersecurity incident reporting obligations, the Cybersecurity and Infrastructure Security Agency (“CISA”) has introduced a reporting requirement that will impact all critical infrastructure sectors, featuring highly detailed reporting duties that necessarily will require covered entities to maintain asset inventories, along with subpoena power and criminal enforcement authority. Back in March 2022, President Biden signed the…