Cybersecurity – Debevoise Data Blog

Cybersecurity

HUD Proposes to Narrow its Cyber Incident Notification Requirement

By: Avi Gesser, Erez Liebermann, Anna Moody, Stephanie Thomas and Karen Joo October 10, 2024

Earlier this year, the U.S. Department of Housing and Urban Development (“HUD”) released an unannounced and immediately effective Cyber Incident Reporting Requirement (the “Original Requirements”) in Mortgagee Letter 2024-10, which…

Cybersecurity

The EU’s Draft NIS2 Regulations: Appropriate ICT Security Measures and Serious Incident Reporting

By: Robert Maddox and Martha Hirst August 12, 2024

The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the…

Cybersecurity

Very Broad and Very Fast: The New Federal Housing Administration’s 12-Hour Cyber Incident Notification Rule

By: Courtney M. Dankworth, Avi Gesser, Satish Kini, Erez Liebermann, Gregory Lyons, Matt Kelly, Anna Moody, Jehan A. Patterson, Alexandra Mogul, Michelle Huang and Karen Joo May 28, 2024

On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) announced that, effective immediately, Federal Housing Administration (“FHA”)-approved Mortgagees are subject to a drastically heightened cybersecurity incident…

Cybersecurity

The SEC Adopts Significant Cybersecurity Amendments to Reg S-P

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Sheena Paul, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Anna Moody, Johanna Skrzypczyk, Suchita Mandavilli Brundage and Ned Terrace May 17, 2024

On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track…

Announcement

Announcing the Debevoise Tracker for Cybersecurity Incident Disclosure on Form 8-K

By: Avi Gesser, Benjamin R. Pedersen, John Jacob and Talia Lorch March 6, 2024

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of…

CJEU

European Data Protection Roundup – January 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Martha Hirst, Jeevika Bali, Samuel Thomson and Alexia Turpin February 28, 2024

Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…

Automated Decision Making

European Data Protection Roundup – December 2023

By: Robert Maddox, Friedrich Popp, Sergej Bräuer, Fanny Gauthier, Aisling Cowell, Martha Hirst, Oliver Binns, Ryan Fincham, Samuel Thomson and Alexia Turpin January 25, 2024

Key takeaways from December include: Concept of non-material damage under GDPR: In an expansive reading of the right to compensation under GDPR, a data subject’s fear that their personal data…

Webcast

Webcast: Cybersecurity Desk Guide for Counsel: Collaborating with External Stakeholders

By: Erez Liebermann and Martha Hirst January 24, 2024

On Monday, February 12, 2024 from 11:00 am to 12:00 pm EST, Erez Liebermann and Martha Hirst from the Debevoise Data Strategy and Security Group will host the next in…

Cybersecurity

Webcast: Cybersecurity for Counsel Series – Collaborating with Internal Stakeholders

By: Erez Liebermann, Kelly Harris, Dan Sutherland and Martha Hirst December 19, 2023

On December 19, 2023, Erez Liebermann and Martha Hirst from the Debevoise Data Strategy and Security Group hosted the first in a series of webcasts in connection with the release…

Cybersecurity

Webcast: SEC Cybersecurity Rules for Issuers – Part 3: Practice Guide Q&A

By: Luke Dembosky, Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann and Benjamin R. Pedersen December 8, 2023

On December 1, 2023 partners from our Data Strategy & Security, Securities Enforcement, and Capital Markets practices discussed practice tips to implement the SEC’s new cybersecurity rules. Receive the full…