You have invoked your business continuity plan and it is working.  Thanks to your IT team, your employees have the technology they need to work from home and to do it securely.  You are tracking statements and guidance from key government resources.  Your networks are segmented, your software are
Continue Reading

The SEC’s recent publication of examination observations related to cybersecurity practices provides a helpful benchmark for firms trying to understand common market practices.

***

The Davis Polk Cyber Blog welcomes a new author, partner Robert Cohen.  Rob has 15 years of experience in the SEC’s Division of Enforcement across
Continue Reading

The Davis Polk Cyber Blog has won a LexBlog Excellence Award for Exemplary Writing on Legal Blogs as the first runner-up in the category of Best Commentary/Advice for Legal Professionals.  The winning post can be read here and discusses the private right of action for inadequate cybersecurity under the California
Continue Reading

Both the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) require companies to respond to customer data access requests.  But how do you know that the person making the request is actually who they say they are?  As we have previously noted on this blog,
Continue Reading

With 2019 coming to a close, we wanted to take a look at what can be learned from the FTC’s cybersecurity enforcement actions this year.  As we have previously noted, the FTC came under criticism last year in the LabMD decision for not providing companies with sufficient clarity as to
Continue Reading

Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020.  The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by
Continue Reading

We have written several times here over the last few years about data minimization being an important part of an effective cybersecurity program.  For most companies, the total amount of data that they control grows substantially each year, and more data generally creates more data protection risks.  Companies that have
Continue Reading

On Wednesday, December 4, please join Avi Gesser, Matt Kelly and Michelle Adler from Davis Polk, and Nick Pelletier from Mandiant, for our monthly conference call on cybersecurity and privacy issues. This month we will discuss “Cybersecurity and Civil Liability Under CCPA: What you can do today to protect
Continue Reading

Davis Polk partner Pritesh Shah and associate Daniel Forester are among the authors of a new Practice Note for Thomson Reuters’ Practical Law discussing blockchain technology and recent trends in data privacy law and the tensions between them.  The article explains blockchain technology’s characteristics and describes issues and potential strategies
Continue Reading