In Part 1 of this blog post, we discussed some key contractual provisions that lawyers should consider when entering into agreements with cloud service providers (“CSPs”).  In this Part 2, we discuss some additional contractual considerations to keep in mind, as well as some post-contract practices to consider in order
Continue Reading Cybersecurity and Cloud Migration, Part 2 – Additional Concerns and Best Practices

There are many good reasons why companies are increasingly migrating parts of the information technology to cloud service providers (“CSPs”), including lower overhead costs, greater data accessibility and mobility, and more efficient disaster-recovery response.  For cybersecurity, cloud solutions offer companies many benefits, such as full-time data security monitoring and data
Continue Reading Cybersecurity and Cloud Migration, Part 1 – Contract Terms to Consider for Reducing Risk

We have written here before about the challenges and benefits of getting rid of old data.  As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning.  Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder
Continue Reading With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data

For years, the default setting at many companies was to keep electronic data indefinitely. Storage is cheap, there are legal risks associated with deleting data, and you never know when an email from 10 years ago is going to become important. Some companies have document management policies, but often they
Continue Reading Getting Rid of Old Data Is Becoming a Regulatory Requirement

In January 2018, at the Eleventh Annual International Conference on Computers, Privacy and Data Protection (the “Conference”) in Brussels, one panel that made some headlines centered around blockchain technology in the context of data protection. The core inquiry of the panel was two-fold: (1) whether blockchain technology can
Continue Reading Blockchain for Data Protection: A Double-edged Sword or a Techno-regulatory Oxymoron?

Cyber threats remain a key operational concern for banks, which are otherwise experiencing “near-historic” capital and liquidity highs and improved returns on equity, according to the Office of the Comptroller of the Currency (the “OCC”).  The regulator published its Fall 2017 Semiannual Risk Perspective on January 18th, stating that “operational
Continue Reading OCC Says Cyber Threats Continue to Elevate Banks’ Operational Risk

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands
Continue Reading Cybersecurity and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties

In our cybersecurity and data management webcast now available below, Davis Polk partners Avi Gesser, Gabe Rosenberg, and associate Matt Kelly, recently discussed getting rid of old documents to reduce cyber risk.

To avoid ending up in the news as the latest victim of a cyber-attack, companies
Continue Reading Reducing Unneeded Data Becoming Part of Cybersecurity Best Practices

View Webcast

Please join us on October 11, 2017 from 12:00 pm to 1:00 pm ET for a discussion on the evolving law and practice on the document management aspects of cyber security, including:

  • Regulators’ expectation for companies regarding deleting old non-public data to reduce cyber risk.
  • The interactions between


Continue Reading Webcast: Cyber Security and Data Management