Mr. Kelly is counsel in Davis Polk’s Litigation Department. [Full Bio]

You have invoked your business continuity plan and it is working.  Thanks to your IT team, your employees have the technology they need to work from home and to do it securely.  You are tracking statements and guidance from key government resources.  Your networks are segmented, your software are
Continue Reading

The SEC’s recent publication of examination observations related to cybersecurity practices provides a helpful benchmark for firms trying to understand common market practices.

***

The Davis Polk Cyber Blog welcomes a new author, partner Robert Cohen.  Rob has 15 years of experience in the SEC’s Division of Enforcement across
Continue Reading

The Davis Polk Cyber Blog has won a LexBlog Excellence Award for Exemplary Writing on Legal Blogs as the first runner-up in the category of Best Commentary/Advice for Legal Professionals.  The winning post can be read here and discusses the private right of action for inadequate cybersecurity under the California
Continue Reading

Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020.  The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by
Continue Reading

We have written several times here over the last few years about data minimization being an important part of an effective cybersecurity program.  For most companies, the total amount of data that they control grows substantially each year, and more data generally creates more data protection risks.  Companies that have
Continue Reading

By now, most major U.S. companies are generally aware of the new privacy requirements that will be imposed by the California Consumer Privacy Act (“CCPA”) when it goes into effect on January 1, 2020, including data access and deletion rights for consumers as well as restrictions on selling personal information. 
Continue Reading

Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading

Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as
Continue Reading

Avi Gesser co-authored an article with Davis Polk associate Matthew Kelly and law clerk Samantha Pfotenhauer that was published in the New York Law Journal on March 1, 2019.  The article addresses the role of in-house counsel in preparing for and responding to cybersecurity incidents.
Continue Reading

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading