By now, most major U.S. companies are generally aware of the new privacy requirements that will be imposed by the California Consumer Privacy Act (“CCPA”) when it goes into effect on January 1, 2020, including data access and deletion rights for consumers as well as restrictions on selling personal information. 
Continue Reading

On Episode 4 of the Davis Polk Dialogues podcast, Avi Gesser joined Davis Polk partners Jon Leibowitz and Ronan Harty and former Federal Trade Commission (“FTC”) official Eileen Harrington to discuss the FTC’s Hearings on Competition and Consumer Protection in the 21st Century.  The episode covers, among other topics, the
Continue Reading

Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading

One way for companies to decrease their cybersecurity risks, as well as their risks from new privacy regulations, is through data minimization—significantly reducing the amount of their data.  By deleting old data and collecting less new data, companies will have less sensitive information to protect and process in accordance with
Continue Reading

We recently wrote about companies monitoring employees to reduce cybersecurity risks. Those insider threat risks do not end when employees leave the company. Sensitive company data in the hands of a disgruntled former employee is obviously a potential risk, but so is unauthorized access to confidential company information by a
Continue Reading

Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation.

Not that long ago, cybersecurity was viewed as
Continue Reading

Two-factor authentication is one of the most common measures that companies use to reduce cyber risk, but it is not very effective if companies don’t also have a good lost-phone protocol.

Various regulations and industry rules require two-factor authentication (also referred to as multi-factor authentication or MFA) including the NYDFS
Continue Reading

On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and
Continue Reading