Avi Gesser co-authored an article with Davis Polk associate Matthew Kelly and law clerk Samantha Pfotenhauer that was published in the New York Law Journal on March 1, 2019.  The article addresses the role of in-house counsel in preparing for and responding to cybersecurity incidents.
Continue Reading

New cyber regulations, such as the California Consumer Privacy Act, have companies concerned about expanding potential liability.  Companies fear that private rights of action are being created that will allow consumers to sue by alleging that the companies failed to protect their personal information.  But attention should also be paid
Continue Reading

A recent bill to amend California’s landmark data privacy law seeks to expand potential liability for violations—bringing little comfort to those already concerned about the risks and challenges associated with achieving compliance in advance of the law’s upcoming effective date.

The proposal—Senate Bill 561, introduced on February 25, 2019, by
Continue Reading

In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative
Continue Reading

The Cybersecurity Law Report recently published an article by Davis Polk titled Reducing Risk in the Dawn of Equifax and Other Cyber-Related Securities Fraud Class Actions.  The article analyzes the January 2019 decision in In re Equifax Securities Litigation and uses lessons from that case to examine strategies for
Continue Reading

Until recently, biometric privacy was a niche area of the law that had little application to most companies.  But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably
Continue Reading

2018 was another busy year for lawyers in the privacy/cybersecurity world – GDPR, CCPA, Marriott, New York Department of Financial Service’s cybersecurity rule deadlines, increased SEC enforcement, more data breach lawsuits, more companies doing table top exercises and risk assessments, etc. But 2019 is looking to be even busier. Below
Continue Reading

Momentum is building for federal privacy legislation, with several different proposals circulating in Washington.  Ohio’s new cybersecurity law offers an interesting approach for incentivizing companies to protect their customers’ personal data.

We have written previously on two competing models for cybersecurity regulation—“standards” versus “rules.”  The standards-based approach, historically
Continue Reading

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork
Continue Reading