Mr. Kelly is counsel in Davis Polk’s Litigation Department. [Full Bio]

You have invoked your business continuity plan and it is working.  Thanks to your IT team, your employees have the technology they need to work from home and to do it securely.  You are tracking statements and guidance from key government resources.  Your networks are segmented, your software are
Continue Reading Your IT Systems Are Coronavirus-Ready: What About Your Cyber-Risk Controls?

The SEC’s recent publication of examination observations related to cybersecurity practices provides a helpful benchmark for firms trying to understand common market practices.

***

The Davis Polk Cyber Blog welcomes a new author, partner Robert Cohen.  Rob has 15 years of experience in the SEC’s Division of Enforcement across
Continue Reading Introducing a New Author to the Davis Polk Cyber Blog with His First Blog Post: What SEC Examiners Will Ask About Cybersecurity

The Davis Polk Cyber Blog has won a LexBlog Excellence Award for Exemplary Writing on Legal Blogs as the first runner-up in the category of Best Commentary/Advice for Legal Professionals.  The winning post can be read here and discusses the private right of action for inadequate cybersecurity under the California
Continue Reading Davis Polk Cyber Blog Wins LexBlog Excellence Award

Davis Polk attorneys authored a chapter on U.S. Cybersecurity Laws for the GDR Insight Handbook 2020.  The chapter, which can be read here, was written by Avi Gesser, Matthew J. Bacal, Daniel F. Forester, Matthew A. Kelly, Clara Y. Kim, and Gianna C. Walton, and was published by
Continue Reading Global Data Review Publishes Davis Polk’s Chapter on United States Cybersecurity Laws in GDR Insight Handbook

We have written several times here over the last few years about data minimization being an important part of an effective cybersecurity program.  For most companies, the total amount of data that they control grows substantially each year, and more data generally creates more data protection risks.  Companies that have
Continue Reading A 14.5 million Euro Fine for Failing to Get Rid of Old Files – Data Minimization Is Becoming a Stand-Alone Cybersecurity Obligation

By now, most major U.S. companies are generally aware of the new privacy requirements that will be imposed by the California Consumer Privacy Act (“CCPA”) when it goes into effect on January 1, 2020, including data access and deletion rights for consumers as well as restrictions on selling personal information. 
Continue Reading The Biggest Risk with CCPA May Be Cybersecurity, Not Privacy: 10 Things Companies Are Doing Now to Prepare

Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading New York Law Journal Publishes Avi Gesser’s Article on Balancing Between Cybersecurity and Employees’ Privacy

Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as
Continue Reading The Review of Securities & Commodities Regulation Publishes Davis Polk Article on the Expanding Role of Counsel for Financial Firms in Addressing Cyber Risk

Avi Gesser co-authored an article with Davis Polk associate Matthew Kelly and law clerk Samantha Pfotenhauer that was published in the New York Law Journal on March 1, 2019.  The article addresses the role of in-house counsel in preparing for and responding to cybersecurity incidents.
Continue Reading New York Law Journal Publishes Avi Gesser’s Article on the Role of In-House Counsel in Cybersecurity Incident Response Planning

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading New Amendment Would Significantly Expand Liability Under California Consumer Privacy Act