-
CPPA Proposed Rulemaking Package Part 2—Automated Decision-Making Technology
14 February 2025
Avi Gesser
, Matt Kelly
, Johanna N. Skrzypczyk
, HJ Brehmer
, Ned Terrace
, Mengyi Xu
-
Debevoise Data Blog: European Data Protection Roundup – Q4 2024
17 January 2025
Debevoise Data Blog
Robert Maddox
, Johanna N. Skrzypczyk
, Aisling Cowell
, Stephanie D. Thomas
, Michiko Wongso
-
National Security Update: DOJ Unveils Rules Restricting Sensitive Bulk Data Transfers
10 January 2025
Luke Dembosky
, Rick Sofield
, Carter Burwell
, Robert T. Dura
, Johanna N. Skrzypczyk
, Emily Kennedy
-
Top 10 SEC Cyber/AI Blog Posts for 2024
12 December 2024
Andrew J. Ceresney
, Charu A. Chandrasekhar
, Luke Dembosky
, Avi Gesser
, Eric T. Juergens
, Arian M. June
, Robert B. Kaplan
, Erez Liebermann
, Sheena Paul
, Benjamin R. Pedersen
, Marc Ponchione
, Julie M. Riewe
, Jeff Robins
, Paul M. Rodel
, Kristin A. Snyder
, Jonathan R. Tuttle
, Philip A. Fortino
, Matt Kelly
, Anna Moody
, Stephan J. Schlegelmilch
, Johanna N. Skrzypczyk
, Suchita Mandavilli Brundage
, Kelly Donoghue
, Andreas A. Glimenakis
, Alice Gu
, John Jacob
, Gabriel A. Kohan
, Talia Lorch
, Ciera Mandelsberg
, Noah L. Schwartz
, Ned Terrace
, Mengyi Xu
-
Managing AI-Related Risks Associated with Vendors
December 2024
Charu A. Chandrasekhar
, Avi Gesser
, Kristin A. Snyder
, Matt Kelly
, Johanna N. Skrzypczyk
, Joshua A. Goland
-
Private Equity Report Fall 2024, Vol 24, No 3
December 2024
Megan K. Bannigan
, Ezra Borut
, Andrew J. Ceresney
, Charu A. Chandrasekhar
, Avi Gesser
, Peter J. Irwin
, Robert B. Kaplan
, Rafael Kariyev
, Julie M. Riewe
, Kevin M. Schmidt
, Kristin A. Snyder
, Rick Sofield
, Jared I. Kagan
, Nick S. Kaluk III
, Matt Kelly
, Johanna N. Skrzypczyk
, Andrea Bell
, Jordan Corrente Beck
, Clara Correa
, Jay E. Evans
, Joshua A. Goland
, Samuel D. Krawiecz
, Weichi Liu
, Emily MacKay
, Elliott Tuchman
, John M. Satira
, Sasha Semach
, Chris Zheng
-
CPPA Proposed Rulemaking Package Part 1 – Cybersecurity Audits
3 December 2024
Avi Gesser
, Matt Kelly
, Johanna N. Skrzypczyk
, HJ Brehmer
, Ned Terrace
, Mengyi Xu
, Amer Mneimneh
-
Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS
21 October 2024
Charu A. Chandrasekhar
, Luke Dembosky
, Avi Gesser
, Erez Liebermann
, Johanna N. Skrzypczyk
, Ned Terrace
, Mengyi Xu
-
Debevoise Data Blog: Good AI Vendor Risk Management Is Hard, But Doable
26 September 2024
Debevoise Data Blog
Avi Gesser
, Matt Kelly
, Johanna N. Skrzypczyk
, Tigist Kassahun
, Jarrett Lewis
, Joshua A. Goland
-
NYDFS Adopts Final Circular on Use of AI or External Data by Insurers
15 July 2024
Eric Dinallo
, Avi Gesser
, Erez Liebermann
, Matt Kelly
, Johanna N. Skrzypczyk
, Samuel J. Allaman
, Melyssa Eigen
, Sharon Shaji
-
Federal Trade Commission Finalizes Updates to the Health Breach Notification Rule
20 May 2024
Andrew L. Bab
, Avi Gesser
, Paul D. Rubin
, Kim T. Le
, Melissa Runsten
, Johanna N. Skrzypczyk
, Hannah R. Levine
, Kaitlyn McGill
, Annabella M. Waszkiewicz
-
The SEC Adopts Significant Cybersecurity Amendments to Reg S-P
17 May 2024
Charu A. Chandrasekhar
, Luke Dembosky
, Avi Gesser
, Erez Liebermann
, Marc Ponchione
, Julie M. Riewe
, Jeff Robins
, Kristin A. Snyder
, Anna Moody
, Sheena Paul
, Johanna N. Skrzypczyk
, Suchita Mandavilli Brundage
, Ned Terrace
-
Treasury’s Report on AI (Part 1) – Governance and Risk Management
29 April 2024
Charu A. Chandrasekhar
, Avi Gesser
, Erez Liebermann
, Matt Kelly
, Johanna N. Skrzypczyk
, Sharon Shaji
, Annabella M. Waszkiewicz
-
Complying with New York’s Recently Adopted Employee Privacy Law
28 March 2024
Helen V. Cantwell
, Charu A. Chandrasekhar
, Jyotin Hamid
, Arian M. June
, Tricia Bozyk Sherno
, Johanna N. Skrzypczyk
-
The NYDFS Plans to Impose Significant Obligations on Insurers Using AI or External Data
30 January 2024
Eric Dinallo
, Avi Gesser
, Erez Liebermann
, Matt Kelly
, Johanna N. Skrzypczyk
, Samuel J. Allaman
, Sharon Shaji
-
Law360: What Lawyers Must Know About Calif. State Bar's AI Guidance
30 November 2023
Law360
Avi Gesser
, Johanna N. Skrzypczyk
-
A Summary of the Final Amendments to the NYDFS Cyber Rules
15 November 2023
Charu A. Chandrasekhar
, Luke Dembosky
, Avi Gesser
, Erez Liebermann
, Caroline N. Swett
, Johanna N. Skrzypczyk
, Stephanie D. Thomas
, Joshua A. Goland
-
NYU Compliance & Enforcement: Cybersecurity Experts React to NYDFS’s Amendments to its Cybersecurity Rules
11 November 2023
NYU Compliance & Enforcement
Johanna N. Skrzypczyk
, Avi Gesser
-
Insurance Industry Corporate Governance Newsletter
7 November 2023
Eric Dinallo
, Avi Gesser
, Nicholas F. Potter
, Johanna N. Skrzypczyk
, Michael Pizzi
, Ned Terrace
-
California Attorney General’s CCPA Sweep Indicates Focus on HR Data
21 July 2023
Avi Gesser
, Tricia Bozyk Sherno
, Johanna N. Skrzypczyk
-
Practising Law Institute: Privacy Law Answer Book
23 January 2023
Luke Dembosky
, Avi Gesser
, Jyotin Hamid
, Satish M. Kini
, Henry Lebowitz
, Erez Liebermann
, Maura Kathleen Monaghan
, David A. O'Neil
, Jim Pastore
, David Sarratt
, Jeffrey P. Cunard
, Kim T. Le
, Tricia Bozyk Sherno
, Johanna N. Skrzypczyk
, Michael Bloom
, Fanny Gauthier
, Hannah R. Levine
, Linda Lin
, Kate Saba
, Noah L. Schwartz
, Mengyi Xu
-
Compliance & Enforcement: Legal Risks of Using AI Voice Analytics for Customer Service
11 January 2023
Compliance & Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
, Robert Maddox
, Martha Hirst
-
CLS Blue Sky Blog: Debevoise Discusses What the GDPR Can Tell Us About State Privacy Laws
19 December 2022
CLS Blue Sky Blog
Robert Maddox
, Johanna N. Skrzypczyk
, Martha Hirst
-
NYDFS Publishes Official Amendments to Its Cybersecurity Regulation (Part 2) – Answers to the Top Questions from Our Webcast
30 November 2022
Avi Gesser
, Erez Liebermann
, Johanna N. Skrzypczyk
, Mengyi Xu
-
NYU Compliance & Enforcement: NYDFS Publishes Official Amendments to Its Cybersecurity Regulation
14 November 2022
NYU Compliance & Enforcement
Luke Dembosky
, Avi Gesser
, Erez Liebermann
, Caroline N. Swett
, Johanna N. Skrzypczyk
, Mengyi Xu
-
NYDFS Publishes Official Amendments to Its Cybersecurity Regulation
11 November 2022
Luke Dembosky
, Avi Gesser
, Erez Liebermann
, Caroline N. Swett
, Johanna N. Skrzypczyk
, Mengyi Xu
-
CLS Blue Sky Blog: Debevoise & Plimpton Discusses “Dark Patterns” and Regulatory Scrutiny
20 October 2022
CLS Blue Sky Blog
Avi Gesser
, Johanna N. Skrzypczyk
-
CLS Blue Sky Blog: Debevoise & Plimpton Discusses the SEC’s Most Recent Reg S-P Enforcement Action
7 October 2022
CLS Blue Sky Blog
Avi Gesser
, Kristin A. Snyder
, Erez Liebermann
, Charu A. Chandrasekhar
, Johanna N. Skrzypczyk
-
Lessons From the SEC’s Most Recent Reg S-P Action
6 October 2022
Avi Gesser
, Erez Liebermann
, Kristin A. Snyder
, Charu A. Chandrasekhar
, Johanna N. Skrzypczyk
-
NYU Compliance & Enforcement: California’s Age-Appropriate Design Code Act Expands Businesses’ Privacy Obligations Regarding Minors
27 September 2022
NYU Compliance & Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
, Michael Bloom
, Martha Hirst
, Alessandra G. Masciandaro
-
CPRA Rulemaking Is Underway - Getting Ahead of Enforcement Risks
2 August 2022
Avi Gesser
, David Sarratt
, Christopher S. Ford
, Johanna N. Skrzypczyk
, HJ Brehmer
-
Columbia Blue Sky Blog: Debevoise Discusses What the ADPPA Means for U.S. Data Regulation
15 July 2022
Columbia Blue Sky Blog
Paul D. Rubin
, Avi Gesser
, Johanna N. Skrzypczyk
, Alessandra G. Masciandaro
-
36-Hour Breach Notification for Banks is Here
31 May 2022
Avi Gesser
, Johanna N. Skrzypczyk
-
NYU Compliance & Enforcement: Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records
26 May 2022
NYU Compliance & Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
-
NYU Compliance & Enforcement: Utah Joins the Comprehensive State Privacy Law Club
3 May 2022
NYU Compliance & Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
, Alessandra G. Masciandaro
-
NYU Compliance & Enforcement: Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records
9 March 2022
NYU Compliance & Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
-
Notice of Electronic Monitoring to Employees — New Requirements for Employers in NY State
24 February 2022
Jyotin Hamid
, Tricia Bozyk Sherno
, Johanna N. Skrzypczyk
-
NYU Compliance & Enforcement: Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule
31 January 2022
NYU Compliance & Enforcement
Luke Dembosky
, Avi Gesser
, Johanna N. Skrzypczyk
-
NYU Compliance & Enforcement Blog: A New Era of Federal Trade Commission (“FTC”) Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure
26 January 2022
NYU Compliance & Enforcement Blog
Luke Dembosky
, Avi Gesser
, Ted Hassi
, Paul D. Rubin
, Jim Pastore
, Johanna N. Skrzypczyk
, Leah Martin
, Melissa Runsten
, Christopher S. Ford
-
Law360: What Stablecoin Industry Can Expect From Congress In 2022
25 January 2022
Law360
Luke Dembosky
, Avi Gesser
, Ted Hassi
, Paul D. Rubin
, Jim Pastore
, Johanna N. Skrzypczyk
, Leah Martin
, Melissa Runsten
, Christopher S. Ford
-
Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule
19 January 2022
Luke Dembosky
, Avi Gesser
, Johanna N. Skrzypczyk
-
A New Era of Federal Trade Commission (“FTC”) Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure
12 January 2022
Luke Dembosky
, Ted Hassi
, Avi Gesser
, Jim Pastore
, Paul D. Rubin
, Johanna N. Skrzypczyk
, Christopher S. Ford
, Leah Martin
, Melissa Runsten
-
NYU Compliance & Enforcement Blog: Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws
20 December 2021
NYU Compliance & Enforcement Blog
Avi Gesser
, Johanna N. Skrzypczyk
, Michael Bloom
, Tricia Reville
, Kate Saba
-
Latin Lawyer – The Guide to Corporate Crisis Management: Data Privacy and Cybersecurity: Crisis Avoidance and Management Strategies
16 December 2021
Latin Lawyer – The Guide to Corporate Crisis Management
Andrew M. Levine
, Johanna N. Skrzypczyk
, HJ Brehmer
, Michael Bloom
, Hilary Davidson
, Mengyi Xu
-
Banking Regulators Finalize 36-Hour Data Breach Notification Rule
24 November 2021
Luke Dembosky
, Avi Gesser
, Satish M. Kini
, Gregory J. Lyons
, Johanna N. Skrzypczyk
, Christopher S. Ford
, Alexandra N. Mogul
-
The FTC’s Strengthened Safeguards Rule and the Evolving Landscape of Reasonable Data Security
18 November 2021
Avi Gesser
, Satish M. Kini
, Johanna N. Skrzypczyk
-
Compliance and Enforcement: Face Forward: Strategies for Complying with Facial Recognition Laws (Part II of II)
1 November 2021
Compliance and Enforcement
Avi Gesser
, Johanna N. Skrzypczyk
-
Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition
27 October 2021
Avi Gesser
, Johanna N. Skrzypczyk
-
New York University School of Law Blog: Face Forward: Strategies for Complying with Facial Recognition Laws (Part I of II)
21 October 2021
New York University School of Law Blog
Avi Gesser
, Johanna N. Skrzypczyk
-
Face Forward: Strategies for Complying with Facial Recognition Laws
Part 1: The Current Patchwork
20 October 2021
Avi Gesser
, Johanna N. Skrzypczyk
-
China Passes the Personal Information Protection Law
1 September 2021
Luke Dembosky
, Avi Gesser
, Edwin Northover
, Jim Pastore
, Emily Lam
, Philip Rohlik
, Johanna N. Skrzypczyk
, Tingting Wu
-
Harvard Law School Forum on Corporate Governance: The SEC’s Cyber Priorities and Four Ways for Companies to Reduce Regulatory Risk
11 August 2021
Harvard Law School Forum on Corporate Governance
Avi Gesser
, Johanna N. Skrzypczyk
, Suchita Mandavilli Brundage
-
The SEC’s Cyber Priorities and Four Additional Ways for Companies to Reduce Regulatory Risk
29 July 2021
Avi Gesser
, Johanna N. Skrzypczyk
, Suchita Mandavilli Brundage
-
Key Takeaways from the First Year of CCPA Enforcement
28 July 2021
Jim Pastore
, David Sarratt
, Johanna N. Skrzypczyk
, HJ Brehmer
, Christopher S. Ford
-
CLS Blue Sky Blog: Debevoise & Plimpton Discusses New Privacy Legislation in the U.S.: The Patchwork Problem Grows
26 July 2021
CLS Blue Sky Blog
Johanna N. Skrzypczyk
, Kim T. Le
, HJ Brehmer
-
Department of Labor Intensifies Cyber Readiness Inquiries Among Retirement Plan Administrators
13 July 2021
Lawrence K. Cagney
, Avi Gesser
, Jonathan F. Lewis
, Jim Pastore
, Johanna N. Skrzypczyk
-
The Supreme Court TransUnion Case Part 1 — What It Means for Standing in Cyber Cases
8 July 2021
Avi Gesser
, Johanna N. Skrzypczyk
-
Seven Tips for Reducing CCPA Litigation Risks – Lessons from the First 18 Months
22 June 2021
Avi Gesser
, Jim Pastore
, Johanna N. Skrzypczyk
, HJ Brehmer
, Christopher S. Ford
-
Effective Access Controls, Timely Breach Notification and Other Takeaways from the Latest NYDFS Cyber Resolution
15 April 2021
Luke Dembosky
, Avi Gesser
, Jim Pastore
, Johanna N. Skrzypczyk
, Christopher S. Ford
, Mengyi Xu
-
Federal Financial Regulators to Propose Enhanced Cyber Risk Management Standards
25 October 2016
Luke Dembosky
, Eric Dinallo
, Gregory J. Lyons
, Jim Pastore
, Johanna N. Skrzypczyk
-
FCPA Update - August 2015
Vol. 7, No. 1
Bruce E. Yannett
, Philip Rohlik
, David Sarratt
, Andrew M. Levine
, David A. O'Neil
, Colby A. Smith
, Johanna N. Skrzypczyk