Publications

• CPRA Rulemaking Is Underway - Getting Ahead of Enforcement Risks
  2 August 2022
  Avi Gesser
  ,
  David Sarratt
  ,
  Christopher S. Ford
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
  ,
  H Jacqueline Brehmer
• NYDFS Proposes Significant Changes to Its Cybersecurity Rules
  1 August 2022
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Erez Liebermann
  ,
  Jim Pastore
  ,
  Charu A. Chandrasekhar
  ,
  H Jacqueline Brehmer
  ,
  Michelle Huang
  ,
  Mengyi Xu
• 2022 Private Equity Midyear Review and Outlook
  1 August 2022
  Jonathan Adler
  ,
  Christopher Anthony
  ,
  Katherine Ashton
  ,
  Sally Bergmann
  ,
  Dominic Blaxill
  ,
  Ezra Borut
  ,
  Geoffrey P. Burgess
  ,
  Jennifer L. Chu
  ,
  William Y. Chua
  ,
  Christopher Dortschy
  ,
  E. Drew Dutton
  ,
  Jane Engelhardt
  ,
  Avi Gesser
  ,
  Jyotin Hamid
  ,
  Morgan J. Hayes
  ,
  Emily F. Huang
  ,
  Peter J. Irwin
  ,
  Satish M. Kini
  ,
  M. Natasha Labovitz
  ,
  Andrew M. Levine
  ,
  Sidney P. Levinson
  ,
  Marilyn A. Lion
  ,
  Peter J. Loughran
  ,
  Nicole Levin Mesard
  ,
  Brett M. Novick
  ,
  Marc Ponchione
  ,
  Ryan T. Rafferty
  ,
  Jeffrey E. Ross
  ,
  Scott B. Selinger
  ,
  Steven J. Slutzky
  ,
  Thomas Smith
  ,
  Ramya S. Tiller
  ,
  Patricia Volhard
  ,
  Richard Ward
  ,
  Jeffrey P. Cunard
  ,
  Tricia Bozyk Sherno
  ,
  Marshal L. Bozzo
  ,
  Zhiyan Cao
  ,
  Robert T. Dura
  ,
  Andrew J. Gershon
  ,
  Stuart Hammer
  ,
  Sheena Paul
  ,
  Jin-Hyuk Jang
  ,
  Andrew C. Rearick
  ,
  Jennifer Wheater
  ,
  John Young
  ,
  Ulysses Smith
  ,
  Sasha Burger
  ,
  Jennifer R. Cestaro
  ,
  Thomas A. DeMarzo
  ,
  Paul Eastham
  ,
  Isabel Espinosa de los Reyes
  ,
  Andrew Field
  ,
  Michael C. Godbe
  ,
  Christopher Gossage
  ,
  Anna R. Gressel
  ,
  Merryl Lawry-White
  ,
  Sheng Shao
  ,
  Rachel Tennell
  ,
  Malina Welman
  ,
  Matthew Mrozek
  ,
  Chika Ojukwu
• Cyber Whistleblowers—Eight Lessons from the First False Claims Act Settlements
  21 July 2022
  Avi Gesser
  ,
  Erez Liebermann
  ,
  H Jacqueline Brehmer
• The Digital Services Act (DSA) Transforms Regulation of Online Intermediaries
  19 July 2022
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Michael Pizzi
• Columbia Blue Sky Blog: Debevoise Discusses What the ADPPA Means for U.S. Data Regulation
  15 July 2022
  Columbia Blue Sky Blog
  Paul D. Rubin
  ,
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
  ,
  Alessandra G. Masciandaro
• Compliance & Enforcement: Complying with New York’s AI Employment Law and Similar Regulations
  15 July 2022
  Compliance & Enforcement
  Avi Gesser
  ,
  Jyotin Hamid
  ,
  Tricia Bozyk Sherno
  ,
  Anna R. Gressel
  ,
  Scott M. Caravello
  ,
  Rachel Tennell
• Complying with New York’s AI Employment Law and Similar Regulations
  14 July 2022
  Avi Gesser
  ,
  Jyotin Hamid
  ,
  Tricia Bozyk Sherno
  ,
  Scott M. Caravello
  ,
  Anna R. Gressel
  ,
  Rachel Tennell
• NYU Compliance & Enforcement: California Restricts Insurers’ Use of AI and Big Data
  6 July 2022
  NYU Compliance & Enforcement
  Eric R. Dinallo
  ,
  Avi Gesser
  ,
  Marshal L. Bozzo
  ,
  Anna R. Gressel
  ,
  Scott M. Caravello
• California Restricts Insurers’ Use of AI and Big Data
  5 July 2022
  Eric R. Dinallo
  ,
  Avi Gesser
  ,
  Marshal L. Bozzo
  ,
  Scott M. Caravello
  ,
  Anna R. Gressel
• NYU Compliance & Enforcement: New Automated Decision-Making Laws: Four Tips for Compliance
  29 June 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Robert Maddox
  ,
  Anna R. Gressel
  ,
  Mengyi Xu
  ,
  Samuel J. Allaman
• New Automated Decision-Making Laws: Four Tips for Compliance
  27 June 2022
  Avi Gesser
  ,
  Robert Maddox
  ,
  Samuel J. Allaman
  ,
  Anna R. Gressel
  ,
  Mengyi Xu
• 36-Hour Breach Notification for Banks is Here
  31 May 2022
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Courtney Bradford Pike
  ,
  Michael R. Roberts
• NYU Compliance & Enforcement: Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records
  26 May 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
• How Private Equity Firms Can Prepare for the SEC’s Proposed Cybersecurity Rules
  May 2022
  Avi Gesser
  ,
  Julie M. Riewe
  ,
  Kristin A. Snyder
  ,
  Charu A. Chandrasekhar
  ,
  Matthew C. Rametta
  ,
  Michael R. Roberts
• Private Equity Report Spring 2022, Vol 22, No 1
  May 2022
  Catherine Amirfar
  ,
  Andrew L. Bab
  ,
  Megan K. Bannigan
  ,
  David H. Bernstein
  ,
  Alexander R. Cochran
  ,
  Avi Gesser
  ,
  Ted Hassi
  ,
  Eric T. Juergens
  ,
  Matthew E. Kaplan
  ,
  M. Natasha Labovitz
  ,
  Sidney P. Levinson
  ,
  Pierre Maugüé
  ,
  Marc Ponchione
  ,
  Ina C. Popova
  ,
  Natalie L. Reid
  ,
  Julie M. Riewe
  ,
  Scott B. Selinger
  ,
  Kristin A. Snyder
  ,
  Ramya S. Tiller
  ,
  Richard Ward
  ,
  Erica S. Weisgerber
  ,
  Charu A. Chandrasekhar
  ,
  Nick S. Kaluk III
  ,
  Merryl Lawry-White
  ,
  Sheena Paul
  ,
  Christopher Rosekrans
  ,
  Jennifer Wheater
  ,
  Sasha Burger
  ,
  Paul Eastham
  ,
  Christopher S. Ford
  ,
  Christine Shu Gilleland
  ,
  Michael C. Godbe
  ,
  Jessica Polebaum
  ,
  Matthew C. Rametta
  ,
  Michael R. Roberts
  ,
  Kate Saba
• Connecticut Requires Non-Discrimination Certifications from Insurers Using AI
  3 May 2022
  Eric R. Dinallo
  ,
  Avi Gesser
  ,
  Marshal L. Bozzo
  ,
  Anna R. Gressel
• NYU Compliance & Enforcement: Utah Joins the Comprehensive State Privacy Law Club
  3 May 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
  ,
  Alessandra G. Masciandaro
• NYU Compliance & Enforcement: The SEC’s New Risk Alert Warns about the Use of Alternative Data
  3 May 2022
  NYU Compliance & Enforcement
  Andrew J. Ceresney
  ,
  Avi Gesser
  ,
  Julie M. Riewe
  ,
  Kristin A. Snyder
  ,
  Jonathan R. Tuttle
  ,
  Charu A. Chandrasekhar
  ,
  Mengyi Xu
• The SEC’s New Risk Alert Warns about the Use of Alternative Data
  2 May 2022
  Andrew J. Ceresney
  ,
  Avi Gesser
  ,
  Julie M. Riewe
  ,
  Kristin A. Snyder
  ,
  Jonathan R. Tuttle
  ,
  Charu A. Chandrasekhar
  ,
  Mengyi Xu
• The Value of AI Incident Response Plans and Tabletop Exercises
  27 April 2022
  Avi Gesser
  ,
  Corey Jeremy Goldstein
  ,
  Anna R. Gressel
  ,
  Michael R. Roberts
  ,
  Erik Rubinstein
• NYU Compliance & Enforcement: The Value of AI Incident Response Plans and Tabletop Exercises
  27 April 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Michael R. Roberts
  ,
  Corey Jeremy Goldstein
  ,
  Erik Rubinstein
• Harvard Forum on Corporate Governance: AI Oversight Is Becoming a Board Issue
  26 April 2022
  Harvard Forum on Corporate Governance
  Avi Gesser
  ,
  William D. Regner
  ,
  Anna R. Gressel
• AI Oversight Is Becoming a Board Issue
  6 April 2022
  Avi Gesser
  ,
  William D. Regner
  ,
  Anna R. Gressel
• NYU Compliance & Enforcement: Why Ethical AI Initiatives Need Help from Corporate Compliance
  6 April 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Bruce E. Yannett
  ,
  Douglas S. Zolkind
  ,
  Anna R. Gressel
  ,
  Adele Stichel
• Why Ethical AI Initiatives Need Help from Corporate Compliance
  4 April 2022
  Avi Gesser
  ,
  Bruce E. Yannett
  ,
  Douglas S. Zolkind
  ,
  Anna R. Gressel
  ,
  Adele Stichel
• NYU Compliance & Enforcement: Model Destruction – The FTC’s Powerful New AI and Privacy Enforcement Tool
  30 March 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Paul D. Rubin
  ,
  Anna R. Gressel
• Columbia Blue Sky Blog: Debevoise Discusses New Cyber Incident Reporting for Critical Infrastructure
  23 March 2022
  Columbia Blue Sky Blog
  Luke Dembosky
  ,
  Avi Gesser
  ,
  H Jacqueline Brehmer
  ,
  Stephanie D. Thomas
• Model Destruction – The FTC’s Powerful New AI and Privacy Enforcement Tool
  22 March 2022
  Avi Gesser
  ,
  Paul D. Rubin
  ,
  Anna R. Gressel
• Six Key Takeaways from the SEC’s Most Recent Proposed Cybersecurity Rules for Registrants
  14 March 2022
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Matthew E. Kaplan
  ,
  Charu A. Chandrasekhar
  ,
  H Jacqueline Brehmer
  ,
  Michael R. Roberts
• NYU Compliance & Enforcement: Data Minimization – Recent Enforcement Actions Show Why Some Companies Need to Get Rid of Old Electronic Records
  9 March 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
• Harvard Forum on Corporate Governance: Four Takeaways from the SEC’s Proposed Cybersecurity Rules
  7 March 2022
  Harvard Forum on Corporate Governance
  Avi Gesser
  ,
  Charu A. Chandrasekhar
  ,
  Christopher S. Ford
  ,
  H Jacqueline Brehmer
  ,
  Julie M. Riewe
  ,
  Matthew C. Rametta
• Four Takeaways from the SEC’s Proposed Cybersecurity Rules
  17 February 2022
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Julie M. Riewe
  ,
  Charu A. Chandrasekhar
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford
  ,
  Matthew C. Rametta
• NYU Compliance & Enforcement: SEC Cybersecurity Update: Chair Gensler Offers Insight into Upcoming Regulation
  3 February 2022
  NYU Compliance & Enforcement
  Avi Gesser
  ,
  Charu A. Chandrasekhar
  ,
  Christopher S. Ford
  ,
  H Jacqueline Brehmer
  ,
  Matthew C. Rametta
• NYU Compliance & Enforcement: Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule
  31 January 2022
  NYU Compliance & Enforcement
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael R. Roberts
  ,
  Michelle Huang
• SEC Cybersecurity Update: Chair Gensler Offers Insight into Upcoming Regulation
  26 January 2022
  Avi Gesser
  ,
  Charu A. Chandrasekhar
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford
  ,
  Matthew C. Rametta
• NYU Compliance & Enforcement Blog: A New Era of Federal Trade Commission (“FTC”) Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure
  26 January 2022
  NYU Compliance & Enforcement Blog
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Ted Hassi
  ,
  Paul D. Rubin
  ,
  Jim Pastore
  ,
  Johanna N. Skrzypczyk
  ,
  Leah Martin
  ,
  Melissa Runsten
  ,
  Christopher S. Ford
• Law360: What Stablecoin Industry Can Expect From Congress In 2022
  25 January 2022
  Law360
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Ted Hassi
  ,
  Paul D. Rubin
  ,
  Jim Pastore
  ,
  Johanna N. Skrzypczyk
  ,
  Leah Martin
  ,
  Melissa Runsten
  ,
  Christopher S. Ford
• 2021/2022 Private Equity Year-End Review and Outlook
  January 2022
  Jonathan Adler
  ,
  Catherine Amirfar
  ,
  Christopher Anthony
  ,
  Katherine Ashton
  ,
  Andrew L. Bab
  ,
  Geoffrey P. Burgess
  ,
  Ezra Borut
  ,
  Andrew J. Ceresney
  ,
  William Y. Chua
  ,
  Jennifer L. Chu
  ,
  Jeffrey P. Cunard
  ,
  Alexander R. Cochran
  ,
  E. Drew Dutton
  ,
  Jane Engelhardt
  ,
  Morgan J. Hayes
  ,
  Eric T. Juergens
  ,
  Maurizio Levi-Minzi
  ,
  Nicholas P. Pellicani
  ,
  Ryan T. Rafferty
  ,
  Julie M. Riewe
  ,
  Scott B. Selinger
  ,
  Marc Ponchione
  ,
  Thomas Smith
  ,
  Ramya S. Tiller
  ,
  Patricia Volhard
  ,
  Richard Ward
  ,
  Alisa A. Waxman
  ,
  Marshal L. Bozzo
  ,
  Christopher Dortschy
  ,
  Andrew J. Gershon
  ,
  Emily F. Huang
  ,
  Andrew C. Rearick
  ,
  Jennifer Wheater
  ,
  Sasha Burger
  ,
  Dominic Blaxill
  ,
  Charles Cartiglia
  ,
  Robert T. Dura
  ,
  Nathan Frost
  ,
  Natalia Pszenny
  ,
  Matthew J. Sacco
  ,
  Sheng Shao
  ,
  Sergio Torres
  ,
  Charlotte A. Walkovik
  ,
  Paul Eastham
  ,
  Christopher Gossage
  ,
  Robert B. Kaplan
  ,
  Scott M. Caravello
  ,
  Stephen Petraeus
  ,
  Sheena Paul
  ,
  John Young
  ,
  Jin-Hyuk Jang
  ,
  Lukas Ott
  ,
  Andrew M. Levine
  ,
  Stuart Hammer
  ,
  Ulysses Smith
  ,
  Merryl Lawry-White
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Michael R. Roberts
  ,
  Peter J. Irwin
  ,
  Ina C. Popova
  ,
  Samantha J. Rowe
  ,
  M. Natasha Labovitz
  ,
  Sidney P. Levinson
  ,
  Paul D. Rubin
  ,
  Eric R. Dinallo
  ,
  Marilyn A. Lion
  ,
  Jacob W. Stahl
  ,
  Nicholas F. Potter
  ,
  Kim T. Le
  ,
  Adam Aukland-Peck
  ,
  Melissa Runsten
  ,
  Matthew Mrozek
  ,
  Michael C. Godbe
  ,
  Christel Y. Tham
  ,
  Lisa Wang Lachowicz
• Time to Update Cyber Incident Response Plans, Especially for Banks Subject to the New 36-Hour Breach Notification Rule
  19 January 2022
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michelle Huang
  ,
  Michael R. Roberts
• A New Era of Federal Trade Commission (“FTC”) Privacy and Cybersecurity Oversight: Top Ten Things Companies Should Know When Assessing FTC Compliance and Exposure
  12 January 2022
  Luke Dembosky
  ,
  Ted Hassi
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Paul D. Rubin
  ,
  Johanna N. Skrzypczyk
  ,
  Christopher S. Ford
  ,
  Leah Martin
  ,
  Melissa Runsten
• Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data
  10 January 2022
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Michael R. Roberts
• NYU Compliance & Enforcement Blog: Regulatory Risks of the Log4j Vulnerability: FTC Warns Companies to Take Reasonable Steps to Protect Consumer Data
  10 January 2022
  NYU Compliance & Enforcement Blog
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Michael R. Roberts
• NYU Compliance & Enforcement Blog: Getting Ready for 2023: What Companies Can Do Now to Prepare for New Privacy Laws
  20 December 2021
  NYU Compliance & Enforcement Blog
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Michael Bloom
  ,
  Michael R. Roberts
  ,
  Tricia Reville
  ,
  Kate Saba
• CLS Blue Sky Blog: Debevoise & Plimpton Discusses Proposed Cybersecurity Legislation
  29 November 2021
  CLS Blue Sky Blog
  Luke Dembosky
  ,
  Avi Gesser
  ,
  H Jacqueline Brehmer
  ,
  Stephanie D. Thomas
• Banking Regulators Finalize 36-Hour Data Breach Notification Rule
  24 November 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Gregory J. Lyons
  ,
  Johanna N. Skrzypczyk
  ,
  Christopher S. Ford
  ,
  Alexandra N. Mogul
  ,
  Erik Rubinstein
• The FTC’s Strengthened Safeguards Rule and the Evolving Landscape of Reasonable Data Security
  18 November 2021
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Johanna N. Skrzypczyk
  ,
  Lily D. Vo
  ,
  Corey Jeremy Goldstein
  ,
  Scott M. Caravello
• Columbia Blue Sky Blog: Debevoise & Plimpton Discusses Federal Regulators’ Focus on AI and Consumer Protection in Finance
  15 November 2021
  Columbia Blue Sky Blog
  Courtney M. Dankworth
  ,
  Avi Gesser
  ,
  Gregory J. Lyons
  ,
  James B. Amler
  ,
  Anna R. Gressel
• OFAC and FinCEN Update Ransomware Guidance to Include New Red-Flag Indicators and Additional Sanctions Designations
  10 November 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Aseel M. Rabie
  ,
  H Jacqueline Brehmer
  ,
  Andreas Constantine Pavlou
• Increased Focus by Federal Regulators on AI and Consumer Protection in the Financial Sector
  10 November 2021
  Courtney M. Dankworth
  ,
  Avi Gesser
  ,
  Gregory J. Lyons
  ,
  James B. Amler
  ,
  Caroline N. Swett
  ,
  Frank Colleluori
  ,
  Adrian Gonzalez
  ,
  Anna R. Gressel
  ,
  Alexandra N. Mogul
  ,
  Lorena Rodriguez
• Cybersecurity and AI Whistleblowers: Unique Challenges and Strategies for Reducing Risk
  2 November 2021
  Avi Gesser
  ,
  Corey Jeremy Goldstein
  ,
  Anna R. Gressel
  ,
  Michael Pizzi
  ,
  Andreas Constantine Pavlou
• Compliance and Enforcement: Face Forward: Strategies for Complying with Facial Recognition Laws (Part II of II)
  1 November 2021
  Compliance and Enforcement
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Anna R. Gressel
• Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition
  27 October 2021
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Anna R. Gressel
• New York University School of Law Blog: Face Forward: Strategies for Complying with Facial Recognition Laws (Part I of II)
  21 October 2021
  New York University School of Law Blog
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Johanna N. Skrzypczyk
• Face Forward: Strategies for Complying with Facial Recognition Laws
  Part 1: The Current Patchwork
  20 October 2021
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Anna R. Gressel
• Compliance & Enforcement: Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence
  18 October 2021
  Compliance & Enforcement
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Mengyi Xu
• Six Quick Cybersecurity Takeaways from SEC Speaks 2021
  18 October 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Charu A. Chandrasekhar
  ,
  H Jacqueline Brehmer
  ,
  Matthew C. Rametta
• Three Takeaways from the IOSCO Report to Securities Regulators on Artificial Intelligence
  14 October 2021
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Mengyi Xu
• Emerging Cybersecurity Standards for Critical Infrastructure – Lessons from Recent Goals Released by CISA and NIST
  11 October 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  H Jacqueline Brehmer
• OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments
  5 October 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  H Jacqueline Brehmer
  ,
  Scott M. Caravello
• Compliance & Enforcement: OFAC’s Ransomware Advisory – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments (Part II of II)
  5 October 2021
  Compliance & Enforcement
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  H Jacqueline Brehmer
  ,
  Scott M. Caravello
• Compliance & Enforcement: Improved Cybersecurity Can Mitigate Sanctions Risk, and Other Takeaways from the Latest OFAC Advisory on Ransomware
  24 September 2021
  Compliance & Enforcement
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  H Jacqueline Brehmer
  ,
  Sarah Quirk Smith
• Improved Cybersecurity Can Mitigate Sanctions Risk and Other Takeaways from the Latest OFAC Advisory on Ransomware
  23 September 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  H Jacqueline Brehmer
  ,
  Sarah Quirk Smith
• Compliance & Enforcement: Recent SEC Enforcement Action Against App Annie Signals Continuing Focus on Data-related Disclosure and Policy Violations
  21 September 2021
  Compliance & Enforcement
  Avi Gesser
  ,
  Charu A. Chandrasekhar
  ,
  Mengyi Xu
  ,
  Adrian Gonzalez
• Recent SEC Enforcement Action against App Annie Signals Continuing Focus on Data-Related Disclosure and Policy Violations
  20 September 2021
  Avi Gesser
  ,
  Charu A. Chandrasekhar
  ,
  Mengyi Xu
  ,
  Adrian Gonzalez
• Columbia Blue Sky Blog: Debevoise & Plimpton on the Latest Round of SEC Cybersecurity Enforcement Actions
  7 September 2021
  Columbia Blue Sky Blog
  Avi Gesser
  ,
  Jim Pastore
  ,
  Mengyi Xu
• The Latest Round of SEC Cybersecurity Enforcement Actions Targets MFA Deficiencies, Inadequate Policies, and Misleading Breach Notifications
  1 September 2021
  Avi Gesser
  ,
  Jim Pastore
  ,
  Mengyi Xu
• China Passes the Personal Information Protection Law
  1 September 2021
  William Y. Chua
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Edwin Northover
  ,
  Jim Pastore
  ,
  Emily Lam
  ,
  Philip Rohlik
  ,
  Johanna N. Skrzypczyk
  ,
  Tingting Wu
• New Requirements for Localisation of Major Internet Companies in Russia
  23 August 2021
  Avi Gesser
  ,
  Jane Shvets
• NYU Compliance & Enforcement Blog: SEC Levies $1 Million Penalty for Allegedly Misleading Cybersecurity Incident Disclosures
  22 August 2021
  NYU Compliance & Enforcement Blog
  Avi Gesser
  ,
  Paul M. Rodel
  ,
  Joshua M. Samit
  ,
  Charu A. Chandrasekhar
  ,
  Corey Jeremy Goldstein
• Harvard Law School Forum on Corporate Governance: The SEC’s Cyber Priorities and Four Ways for Companies to Reduce Regulatory Risk
  11 August 2021
  Harvard Law School Forum on Corporate Governance
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Suchita Mandavilli Brundage
• The SEC’s Cyber Priorities and Four Additional Ways for Companies to Reduce Regulatory Risk
  29 July 2021
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
  ,
  Suchita Mandavilli Brundage
• 2021 Private Equity Midyear Review and Outlook
  22 July 2021
  Jonathan Adler
  ,
  Christopher Anthony
  ,
  Katherine Ashton
  ,
  Andrew L. Bab
  ,
  Megan K. Bannigan
  ,
  Sally Bergmann
  ,
  David H. Bernstein
  ,
  Paul S. Bird
  ,
  Ezra Borut
  ,
  Geoffrey P. Burgess
  ,
  Jennifer L. Chu
  ,
  William Y. Chua
  ,
  Matthew Dickman
  ,
  Christopher Dortschy
  ,
  E. Drew Dutton
  ,
  Jane Engelhardt
  ,
  Peter A. Furci
  ,
  Avi Gesser
  ,
  Jyotin Hamid
  ,
  Morgan J. Hayes
  ,
  Peter J. Irwin
  ,
  Meir D. Katz
  ,
  Rafael Kariyev
  ,
  M. Natasha Labovitz
  ,
  Maurizio Levi-Minzi
  ,
  Andrew M. Levine
  ,
  Sidney P. Levinson
  ,
  Jonathan F. Lewis
  ,
  Marc Ponchione
  ,
  Ryan T. Rafferty
  ,
  Paul D. Rubin
  ,
  Zachary H. Saltzman
  ,
  Kevin M. Schmidt
  ,
  Shannon Rose Selden
  ,
  Scott B. Selinger
  ,
  Steven J. Slutzky
  ,
  Ramya S. Tiller
  ,
  Richard Ward
  ,
  Alisa A. Waxman
  ,
  Patricia Volhard
  ,
  Franci J. Blassberg
  ,
  Jeffrey P. Cunard
  ,
  Andrew J. Gershon
  ,
  Stuart Hammer
  ,
  Jin-Hyuk Jang
  ,
  Kim T. Le
  ,
  Sheena Paul
  ,
  Andrew C. Rearick
  ,
  Tricia Bozyk Sherno
  ,
  Jacob W. Stahl
  ,
  Jennifer Wheater
  ,
  John Young
  ,
  Adam Aukland-Peck
  ,
  Dominic Blaxill
  ,
  Charles Cartiglia
  ,
  Robert T. Dura
  ,
  Paul Eastham
  ,
  Jay E. Evans
  ,
  Norma Angelica Freeland
  ,
  David J. Hotelling
  ,
  Samuel D. Krawiecz
  ,
  Merryl Lawry-White
  ,
  Robert Maddox
  ,
  Sergio Torres
  ,
  Malina Welman
• Department of Labor Intensifies Cyber Readiness Inquiries Among Retirement Plan Administrators
  13 July 2021
  Lawrence K. Cagney
  ,
  Avi Gesser
  ,
  Jonathan F. Lewis
  ,
  Jim Pastore
  ,
  Johanna N. Skrzypczyk
• The Supreme Court TransUnion Case Part 1 — What It Means for Standing in Cyber Cases
  8 July 2021
  Avi Gesser
  ,
  Johanna N. Skrzypczyk
• Seven Tips for Reducing CCPA Litigation Risks – Lessons from the First 18 Months
  22 June 2021
  Avi Gesser
  ,
  Jim Pastore
  ,
  Johanna N. Skrzypczyk
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford
  ,
  Alexandra P. Swain
• NYU Compliance & Enforcement Blog: The Future of AI Regulation: 24 Ways That Companies Can Reduce Their Regulatory and Reputational AI Risks
  13 May 2021
  NYU Compliance & Enforcement Blog
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Tara Raam
• Compliance & Enforcement: The Future of AI Regulation: The FTC’s New Guidance on Using AI Truthfully, Fairly, and Equitably
  10 May 2021
  Compliance & Enforcement
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Parker C. Eudy
• The Future of AI Regulation (Part 4): 24 Ways That Companies Can Reduce Their Regulatory and Reputational AI Risks
  6 May 2021
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Tara Raam
• The Future of AI Regulation (Part 3): The FTC’s New Guidance on Using AI Truthfully, Fairly, and Equitably
  3 May 2021
  Avi Gesser
  ,
  Parker C. Eudy
  ,
  Anna R. Gressel
• Business Law Today: Banking Agencies Propose 36-Hour Data Breach Reporting Rules for Significant Incidents
  28 April 2021
  Business Law Today
  Zila Reyes Acosta-Grimes
  ,
  Avi Gesser
  ,
  Courtney Bradford Pike
• NYU Compliance & Enforcement Blog: The Future of AI Regulation: Draft Legislation from the European Commission Shows the Coming AI Legal Landscape
  27 April 2021
  NYU Compliance & Enforcement Blog
  Avi Gesser
  ,
  Anna R. Gressel
• The Future of AI Regulation (Part 2): Draft Legislation from the European Commission Shows the Coming AI Legal Landscape
  26 April 2021
  Avi Gesser
  ,
  Anna R. Gressel
• Part 1 on the Future of AI Regulation — The RFI on AI from U.S. Banking Regulators
  21 April 2021
  Avi Gesser
  ,
  Anna R. Gressel
• Effective Access Controls, Timely Breach Notification and Other Takeaways from the Latest NYDFS Cyber Resolution
  15 April 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Johanna N. Skrzypczyk
  ,
  Parker C. Eudy
  ,
  Christopher S. Ford
  ,
  Mengyi Xu
• The SEC’s Cybersecurity Priorities for Registered Investment Advisers—Looking Back to Anticipate the Road Ahead
  11 March 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Tricia Reville
  ,
  Mengyi Xu
• First DFS Resolution Under Its Cyber Rules Highlights the Risks of Inadequate Cyber Investigations
  8 March 2021
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Christopher S. Ford
  ,
  Alexandra N. Mogul
• Virginia Enacts a Comprehensive Privacy Law—Similarities and Differences Among VCDPA, CCPA and GDPR
  5 March 2021
  Avi Gesser
  ,
  Javier Alvarez-Oviedo
  ,
  Anna R. Gressel
  ,
  Robert Maddox
  ,
  Alexandra P. Swain
  ,
  Scott M. Caravello
  ,
  Tricia Reville
• Compliance & Enforcement: Tips for Creating a Sensible Cybersecurity and AI Risk Framework for Critical Vendors
  22 February 2021
  Compliance & Enforcement
  Avi Gesser
  ,
  Anna R. Gressel
  ,
  Zila Reyes Acosta-Grimes
  ,
  Michael Bloom
• Eleven Lessons From Cyber Hack That Forced an Australian Hedge Fund to Close — The Hedge Fund Law Report Interview with Avi Gesser
  17 February 2021
  Avi Gesser
• Tips for Creating a Sensible Cybersecurity and AI Risk Framework for Critical Vendors
  16 February 2021
  Avi Gesser
  ,
  Michael Bloom
  ,
  Anna R. Gressel
  ,
  Zila Reyes Acosta-Grimes
• Law360: SEC Settlement With Hedge Fund Offers Corporate AI Lessons
  28 January 2021
  Law360
  Avi Gesser
  ,
  Robert B. Kaplan
  ,
  James B. Amler
  ,
  Anna R. Gressel
  ,
  Tricia Reville
• Compliance & Enforcement: Destruction Emerges as a Powerful Enforcement Measure for AI: FTC Requires Company to Delete Models Trained with Improperly Utilized Consumer Data
  22 January 2021
  Compliance & Enforcement:
  Avi Gesser
  ,
  Jim Pastore
  ,
  Justin C. Ferrone
  ,
  Anna R. Gressel
  ,
  Paul D. Rubin
  ,
  Melissa Runsten
• Destruction Emerges as a Powerful Enforcement Measure for AI: FTC Requires Company to Delete Models Trained with Improperly Utilized Consumer Data
  19 January 2021
  Avi Gesser
  ,
  Jim Pastore
  ,
  Paul D. Rubin
  ,
  Justin C. Ferrone
  ,
  Anna R. Gressel
  ,
  Melissa Runsten
• Regulatory Risks for Not Disclosing Trading Algorithms - Five Takeaways from the SEC’s $170 million Settlement with BlueCrest Capital
  12 January 2021
  Avi Gesser
  ,
  Robert B. Kaplan
  ,
  James B. Amler
  ,
  Anna R. Gressel
• 2020/2021 Private Equity Year End Review and Outlook
  7 January 2021
  Jonathan Adler
  ,
  William D. Regner
  ,
  John W. Rife III
  ,
  Alisa A. Waxman
  ,
  Jennifer R. Cestaro
  ,
  Katherine Ashton
  ,
  E. Drew Dutton
  ,
  Jane Engelhardt
  ,
  Andrew C. Rearick
  ,
  Thomas Smith
  ,
  Ramya S. Tiller
  ,
  Christopher Anthony
  ,
  Kevin M. Schmidt
  ,
  Maurizio Levi-Minzi
  ,
  Geoffrey P. Burgess
  ,
  Dominic Blaxill
  ,
  William Y. Chua
  ,
  Jyotin Hamid
  ,
  Morgan J. Hayes
  ,
  Steven J. Slutzky
  ,
  Richard Ward
  ,
  Jennifer Wheater
  ,
  Paul Eastham
  ,
  Peter A. Furci
  ,
  Rafael Kariyev
  ,
  Jay E. Evans
  ,
  Samuel D. Krawiecz
  ,
  Andrew L. Bab
  ,
  Jennifer L. Chu
  ,
  Paul D. Rubin
  ,
  Jacob W. Stahl
  ,
  Kim T. Le
  ,
  Jyotin Hamid
  ,
  Meir D. Katz
  ,
  Jonathan F. Lewis
  ,
  Tricia Bozyk Sherno
  ,
  Ezra Borut
  ,
  Jeffrey P. Cunard
  ,
  Marc Ponchione
  ,
  Kenneth J. Berman
  ,
  Norma Angelica Freeland
  ,
  Patricia Volhard
  ,
  Christopher Dortschy
  ,
  Jin-Hyuk Jang
  ,
  John Young
  ,
  Andrew J. Ceresney
  ,
  Robert B. Kaplan
  ,
  Julie M. Riewe
  ,
  Merryl Lawry-White
  ,
  Sally Bergmann
  ,
  Scott B. Selinger
  ,
  Stuart Hammer
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Megan K. Bannigan
  ,
  David H. Bernstein
  ,
  M. Natasha Labovitz
  ,
  Sidney P. Levinson
  ,
  Peter J. Irwin
  ,
  Malina Welman
  ,
  Paul S. Bird
• Banking Agencies Propose 36-Hour Data Breach Reporting Rules for Significant Incidents
  18 December 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Gregory J. Lyons
  ,
  Jim Pastore
  ,
  Zila Reyes Acosta-Grimes
  ,
  Alexandra N. Mogul
  ,
  Courtney Bradford Pike
• SEC Enforcement Highlights the Risks of Not Preserving Text/Chat Messages—Practical Tips for Aligning Policies with Practices to Reduce Risk
  14 December 2020
  Avi Gesser
  ,
  Julie M. Riewe
  ,
  Jeff Robins
  ,
  Chana Zuckier
• Compliance & Enforcement: Post-Election Law Privacy Law Prospects
  6 November 2020
  Compliance & Enforcement
  Avi Gesser
  ,
  Jim Pastore
  ,
  Frank Colleluori
  ,
  Mengyi Xu
  ,
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Tigist Kassahun
• CFPB Seeks Public Comment in Implementing Dodd-Frank’s Consumer Right of Access to Financial Records
  2 November 2020
  Courtney M. Dankworth
  ,
  Avi Gesser
  ,
  James B. Amler
  ,
  Anna R. Gressel
  ,
  Christian J. Clark
• Companies Face Increased Sanctions Risk for Making Ransomware Payments — Takeaways from the Latest OFAC and FinCEN Advisories
  7 October 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Paul M. Rodel
  ,
  Zila Reyes Acosta-Grimes
  ,
  Martha Hirst
  ,
  Robert Maddox
  ,
  Mengyi Xu
• It’s Time to Take Credential Stuffing Seriously
  30 September 2020
  Avi Gesser
  ,
  Marc Ponchione
  ,
  Norma Angelica Freeland
  ,
  Robert Maddox
• A Top Five Checklist for Automated Back-to-Work Covid Questionnaires
  22 September 2020
  Avi Gesser
  ,
  Tricia Bozyk Sherno
• Bloomberg Law: AI Legal Work Is Mirroring Cybersecurity Practice Path
  10 September 2020
  Bloomberg Law
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Anna R. Gressel
• The UK School Algorithm Debacle: Five Lessons for Corporate AI Programs
  25 August 2020
  Avi Gesser
  ,
  Anna R. Gressel
• Compliance & Enforcement: Cybersecurity Requirements for Insurance Companies – The NYDFS Rules as the Emerging Standard
  19 August 2020
  Compliance & Enforcement
  Luke Dembosky
  ,
  Avi Gesser
  ,
  AJ Salomon
• Cybersecurity Requirements for Insurance Companies – The NYDFS Rules as the Emerging Standard
  12 August 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  AJ Salomon
• Developing Regulatory Scrutiny of Underwriting Factors
  5 August 2020
  Eric R. Dinallo
  ,
  Avi Gesser
  ,
  Susan Reagan Gittes
  ,
  Maeve O'Connor
  ,
  Robert M. Fettman
  ,
  AJ Salomon
• Compliance & Enforcement: Schrems II – Where are we now?
  5 August 2020
  Compliance & Enforcement
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Dr. Friedrich Popp
  ,
  Fanny Gauthier
  ,
  Robert Maddox
  ,
  Mengyi Xu
• Data Accountability and Transparency Act of 2020
  4 August 2020
  Eric R. Dinallo
  ,
  Susan Reagan Gittes
  ,
  Avi Gesser
  ,
  Maeve O'Connor
  ,
  Robert M. Fettman
  ,
  AJ Salomon
• Schrems II: Privacy Shield Invalid and Severe Challenges for Standard Contractual Clauses
  17 July 2020
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Dr. Thomas Schürrle
  ,
  Alexandre Bisch
  ,
  Fanny Gauthier
  ,
  Anna R. Gressel
  ,
  Robert Maddox
  ,
  Dr. Friedrich Popp
• OCC Invites Public Comment on Potential Revisions to Rules Affecting Bank Fintech Activities
  8 June 2020
  Avi Gesser
  ,
  Satish M. Kini
  ,
  Gregory J. Lyons
  ,
  Jeff Robins
  ,
  Alison M. Hashmall
  ,
  Anna R. Gressel
• CCPA Regulations Submitted to the California Office of Administrative Law for Publication
  4 June 2020
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Lisa Zornberg
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford
  ,
  Alexandra P. Swain
• French Authorities’ Cybersecurity Tips for Companies and Their Employees Working from Home
  21 May 2020
  Antoine F. Kirry
  ,
  Alexandre Bisch
  ,
  Fanny Gauthier
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
• Can Contact Tracing Apps Help Get Many of Us Back to Work Soon? A Framework for Evaluating the Various Options and Legal Concerns
  24 April 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Anna R. Gressel
  ,
  Suchita Mandavilli Brundage
  ,
  Samantha B. Singh
• COVID-19: Three Data Protection Tips for the EU and the UK
  23 March 2020
  Avi Gesser
  ,
  Jane Shvets
  ,
  Alexandre Bisch
  ,
  Fanny Gauthier
  ,
  Robert Maddox
  ,
  Dr. Friedrich Popp
• California AG Updates Draft CCPA Regulations (Again)
  19 March 2020
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Henry Lebowitz
  ,
  Jim Pastore
  ,
  Lisa Zornberg
  ,
  Kate Saba
• U.S. Legal Considerations for Remote Work Arrangements in the Wake of COVID-19
  17 March 2020
  Tricia Bozyk Sherno
  ,
  Jyotin Hamid
  ,
  Avi Gesser
• Debevoise Coronavirus Checklists—Cybersecurity
  10 March 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Lisa Zornberg
  ,
  Tricia Bozyk Sherno
  ,
  Hilary Davidson
  ,
  Christopher S. Ford
• In re: Marriott International Inc., Customer Data Security Breach Litigation
  27 February 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Lisa Zornberg
  ,
  Suchita Mandavilli Brundage
• Fifteen Ways to Reduce Regulatory and Reputational Risks for Your AI-Powered Applications – Lessons from Recent Court Decisions and Regulatory Activity
  20 February 2020
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Henry Lebowitz
  ,
  Jim Pastore
  ,
  Lisa Zornberg
  ,
  Anna R. Gressel
• Proposed Modifications to CCPA Regulations - Top Takeaways
  12 February 2020
  Jeffrey P. Cunard
  ,
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Javier Alvarez-Oviedo
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford
  ,
  Kate Saba
• The Practical Implications of the National Securities Clearing Corporation’s New Cybersecurity Rules
  7 February 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Jim Pastore
  ,
  Julie M. Riewe
  ,
  Paul M. Rodel
  ,
  Lisa Zornberg
  ,
  H Jacqueline Brehmer
• SEC’s New Cyber Observations Highlight Operational Resiliency
  4 February 2020
  Luke Dembosky
  ,
  Avi Gesser
  ,
  Robert B. Kaplan
  ,
  Jim Pastore
  ,
  Julie M. Riewe
  ,
  Lisa Zornberg
  ,
  H Jacqueline Brehmer
  ,
  Christopher S. Ford