Mr. Forester is counsel in Davis Polk's Corporate Department, practicing in the Intellectual Property and Technology Transactions Group. [Full Bio]

Both the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) require companies to respond to customer data access requests.  But how do you know that the person making the request is actually who they say they are?  As we have previously noted on this blog,
Continue Reading The Risks of Fraudulent CCPA Access Requests – Guidance from a $10.7 million GDPR Fine for Poor Customer Authentication

Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020.  The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by
Continue Reading Global Data Review Publishes Davis Polk’s Chapter on United States Cybersecurity Laws in GDR Insight Handbook

Davis Polk partner Pritesh Shah and associate Daniel Forester are among the authors of a new Practice Note for Thomson Reuters’ Practical Law discussing blockchain technology and recent trends in data privacy law and the tensions between them.  The article explains blockchain technology’s characteristics and describes issues and potential strategies
Continue Reading Blockchain Technology: Data Privacy Issues and Potential Mitigation Strategies – Practical Law Practice Note

Over the last few years, the creation of new cybersecurity regulations has been robust, but actual enforcement has been tepid. This is understandable in any new regulatory regime, especially one where the standards are vague, the conduct is evolving, and therefore, there is considerable uncertainty on the part of the
Continue Reading The NYAG Dunkin’ Donuts Cyber Case – One More Sign that the Days of Stick for Cybersecurity Enforcement May Be Around the Corner

One way for companies to decrease their cybersecurity risks, as well as their risks from new privacy regulations, is through data minimization—significantly reducing the amount of their data.  By deleting old data and collecting less new data, companies will have less sensitive information to protect and process in accordance with
Continue Reading Ephemeral Messaging for Businesses: Balancing the Risks of Keeping and Deleting Data by Default

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading New Amendment Would Significantly Expand Liability Under California Consumer Privacy Act

2018 was another busy year for lawyers in the privacy/cybersecurity world – GDPR, CCPA, Marriott, New York Department of Financial Service’s cybersecurity rule deadlines, increased SEC enforcement, more data breach lawsuits, more companies doing table top exercises and risk assessments, etc. But 2019 is looking to be even busier. Below
Continue Reading 2019 Predictions – Top 10 Cybersecurity/Privacy Trends to Prepare for Now

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork
Continue Reading Federal Privacy Legislation Is Coming. Maybe. Here’s What It Might Include

In Part 1 of this blog post, we discussed some key contractual provisions that lawyers should consider when entering into agreements with cloud service providers (“CSPs”).  In this Part 2, we discuss some additional contractual considerations to keep in mind, as well as some post-contract practices to consider in order
Continue Reading Cybersecurity and Cloud Migration, Part 2 – Additional Concerns and Best Practices

There are many good reasons why companies are increasingly migrating parts of the information technology to cloud service providers (“CSPs”), including lower overhead costs, greater data accessibility and mobility, and more efficient disaster-recovery response.  For cybersecurity, cloud solutions offer companies many benefits, such as full-time data security monitoring and data
Continue Reading Cybersecurity and Cloud Migration, Part 1 – Contract Terms to Consider for Reducing Risk