While businesses operating in California are still adjusting to the requirements of the California Consumer Privacy Act (CCPA) and are watching for enforcement actions brought by the California Attorney General, as its enforcement powers begin on July 1, an expansive new privacy initiative was certified today by the California Secretary
Continue Reading Expansive New California Privacy Measure Cleared for November Ballot

On Friday, May 29, 2020, Davis Polk’s own Rob Cohen led a panel on cybersecurity law and enforcement issues for the Practising Law Institute’s (“PLI”) tenth annual program on enforcement. The panel included individuals from the FBI, U.S. Attorney’s Office for the Southern District of New York, New York
Continue Reading PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement

New commentary from a respected think tank attempts to provide guidance on cross-border data transfers.  The guidance proposes principles for determining which country’s law to apply to a cross-border transfer.  Although there is no guarantee that the guidance will gain favor with courts or regulators, it is an important indicator
Continue Reading Navigating Cross-Border Data Transfers: Lessons from the Sedona Conference Commentary

On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.

The government panelists shared insights
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement

As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls.  Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements.  As detailed
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight

You have invoked your business continuity plan and it is working.  Thanks to your IT team, your employees have the technology they need to work from home and to do it securely.  You are tracking statements and guidance from key government resources.  Your networks are segmented, your software are
Continue Reading Your IT Systems Are Coronavirus-Ready: What About Your Cyber-Risk Controls?

We first wrote about Business Email Compromise (“BEC”) scams in 2015.  Over the last four years, these attacks have continued unabated.  According to the FBI, in just the last year alone, there were over 20,000 reported BEC scams, with adjusted losses of over $1.2 billion.  One reason this
Continue Reading The Rise of Deepfake Audio Means It’s Time to Revisit Business Email Compromise Scams and Ways to Reduce Risk

Avi Gesser co-authored an article with Davis Polk associates Matthew Kelly, Will Schildknecht, and Anna Marienko that was published in the New York Law Journal on May 31, 2019, and that discusses the competing interests of cybersecurity and employee privacy that employers must balance when implementing reasonable cybersecurity measures.  The
Continue Reading New York Law Journal Publishes Avi Gesser’s Article on Balancing Between Cybersecurity and Employees’ Privacy

Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works.  But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for
Continue Reading Regulators and Plaintiffs Aren’t Waiting for Privacy Legislation: Companies Face Potential Liability Now and Can Take Steps to Reduce Risks

As we highlighted in our predictions for 2019, the proliferation of leaked personal information online provides an increasingly valuable resource for threat actors to use in cyber attacks. So far in 2019, billions of records have been leaked, creating significant additional cybersecurity risks for companies. To help understand this
Continue Reading How to Reduce the Cybersecurity Risks Posed by Leaked Data