Mr. Kelly is counsel in Davis Polk’s Litigation Department. [Full Bio]

Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as
Continue Reading The Review of Securities & Commodities Regulation Publishes Davis Polk Article on the Expanding Role of Counsel for Financial Firms in Addressing Cyber Risk

Avi Gesser co-authored an article with Davis Polk associate Matthew Kelly and law clerk Samantha Pfotenhauer that was published in the New York Law Journal on March 1, 2019.  The article addresses the role of in-house counsel in preparing for and responding to cybersecurity incidents.
Continue Reading New York Law Journal Publishes Avi Gesser’s Article on the Role of In-House Counsel in Cybersecurity Incident Response Planning

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading New Amendment Would Significantly Expand Liability Under California Consumer Privacy Act

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork
Continue Reading Federal Privacy Legislation Is Coming. Maybe. Here’s What It Might Include

A recent SEC Order should be a reminder to registered entities, including small- and medium-sized firms, that the SEC is monitoring the reasonableness of their cybersecurity policies and procedures, and that it may take action in the event of a breach, even in the absence of economic harm.

The SEC’s
Continue Reading SEC Penalizes Cybersecurity Weakness

Some of the most significant recent cyber breaches originated at vendors.  We have previously discussed the importance of effective oversight of third parties because vendor breaches can lead to regulatory actions for companies.  Indeed, recent regulatory guidance provides that vendor diligence is an essential part of any cybersecurity program.  This
Continue Reading Cybersecurity Vendor Due Diligence—Some Practical Tips from the Front Lines

We have written here before about the challenges and benefits of getting rid of old data.  As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning.  Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder
Continue Reading With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands
Continue Reading Cybersecurity and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties

In our cybersecurity and data management webcast now available below, Davis Polk partners Avi Gesser, Gabe Rosenberg, and associate Matt Kelly, recently discussed getting rid of old documents to reduce cyber risk.

To avoid ending up in the news as the latest victim of a cyber-attack, companies
Continue Reading Reducing Unneeded Data Becoming Part of Cybersecurity Best Practices