Debevoise’s Data Strategy & Security practice provides a collaborative approach to help clients navigate their business-critical privacy, data protection and data security issues.

Read Full Description

Related Capabilities

Thought Leadership

Announcements

Ranked as a leading firm in the U.S. for Privacy & Data Security by Chambers Global.

Ransomware attacks are very complex and sophisticated; however, this group is able to break down this complexity in a tangible way.

The team has spectacular subject matter expertise.

It is a strong firm with a nice team for data governance, cyber incidents and crisis response.

—Chambers Global, 2022-2025

Debevoise is ranked by The Legal 500 US (2024) as a leading firm for Cyber Law, Data Privacy and Data Protection.

A broad team with in-depth knowledge of cyber law. Extremely good experience in the field.

Debevoise has some of the finest legal minds I know working in this area.

The expertise of the lawyers at Debevoise is unmatched. They have some of the most experienced lawyers in the trade.

The team’s breadth of knowledge stands out; I would consider them not just practitioners, experts in the field.

—The Legal 500 US, 2021-2025

Ranked as a leading firm for Privacy & Data Security.

The team has a very strong understanding of regulatory impact and the bench is second to none.

Their industry knowledge and experience make them suited to address complex, sophisticated matters. Regulatory compliance, litigation, emerging issues - they have resources to address all my needs.

Debevoise's team possesses a deep understanding of the complex legal landscape, particularly when it comes to risk specific to our business. Their insights have been invaluable.

—Chambers USA, 2021-2025

Featured Topic

Debevoise Cybersecurity & Data Privacy Brochure

Learn More

The Debevoise Data Strategy & Security (DSS) practice is global and interdisciplinary—combining our cyber incident response, data privacy, artificial intelligence, regulatory counseling and defense, business continuity, M&A diligence, national security and data governance practices into one fully integrated and coordinated group.We advise leading companies on responding to ransomware and other cybersecurity events, including regulatory inquiries and civil litigation. Because we are constantly leading responses to significant cyber, privacy and AI incidents, we are able to channel that deep experience into helping our clients to improve their regulatory compliance, preparations and resilience. We regularly advise boards of the world’s largest companies on their cybersecurity and AI oversight obligations. Based on our incident response work, we regularly assess our clients’ cyber incident preparation, as well as advise on privacy and AI policies, processes, training and resources, to equip our clients to more effectively respond to the latest challenges in these rapidly evolving areas. We also routinely work with clients on proactive cyber, privacy and AI regulatory compliance in the U.S. and abroad, and defend clients in matters involving these issues before the U.S. DOJ, SEC, FINRA, NYDFS, U.S. state attorneys general and data protection and financial regulatory authorities around the world.We also advise our clients on their overall data strategy, such as how to manage, protect and optimize their data, including through the use of artificial intelligence. Our integrated strategic advice on data includes both legal and technical assistance with the data issues that arise in M&A diligence, licensing and vendor contracting. We work with clients across the globe to prepare for, and respond to, significant data breaches and related investigations and litigation. In addition to our U.S. offices, we serve clients on these issues from offices strategically located in the United Kingdom, France, Germany, China, and Hong Kong. We regularly work on data advisory matters that involve a wide range of other non-U.S. jurisdictions, including the EU and EEA, Japan, Singapore, Brazil, Canada, Colombia and Argentina, among many others. We also identify existing and proposed laws and standards in the U.S. and around the world that will impact our clients’ use of data, including regulations and guidance relating to cybersecurity, privacy, AI, data minimization, records retention, document discovery and data governance. AI Can Draft Board Minutes—But Should It? 29 July 2025Avi Gesser, Charu Chandrasekhar, Eric Juergens, Kristin SnyderAI Meeting Tools Part 3: New Tools = New Risks and New Recordkeeping Obligations 23 April 2025Charu Chandrasekhar, Avi Gesser, Julie Riewe, Kristin SnyderEconomic Statecraft: “The Emerging Front in National Security” 16 April 2025Rick Sofield, Konstantin Bureiko, Carter Burwell, Anne Mette Heemsoth, Johanna Skrzypczyk, Gabriel Kohan, John Satira, Jonathan Wong Europe’s Regulatory Approach to Artificial Intelligence in the Insurance Industry 27 March 2025Avi Gesser, Clare Swirski, Martha Hirst Preparing for the 2025 Annual Reporting Season: Cybersecurity Disclosure In Focus 10 December 2024Erez Liebermann, Ben Pedersen, Anna Moody AI-Generated Meeting Transcripts, Summaries, and Recordings: The Promise and the Perils6 December 2024Charu Chandrasekhar, Avi Gesser, Julie Riewe, Kristin Snyder AI and Vendor Risk Management11 October 2024Avi Gesser, Matt Kelly, Johanna SkrzypczykFinal Requirements for Insurers Using AI or External Data from the NYDFS26 July 2024Eric Dinallo, Avi Gesser, Sharon ShajiDORA: Key Challenges for the Insurance Sector Under the EU Digital Operational Resilience Act23 May 2024Clare Swirski, Robert Maddox, Martha HirstAI in Consumer Finance: Regulatory Considerations20 May 2024Courtney Dankworth, Matt Kelly, Jehan PattersonDiscussion of the Treasury AI/Cyber Report29 April 2024Erez LiebermannCISA Proposes Major Reporting Obligations for Critical Infrastructure22 April 2024Luke Dembosky, Erez Liebermann, H Jacqueline BrehmerThe Rise in AI Regulation: What to Expect & How to Prepare18 March 2024Avi Gesser, Martha HirstCFTC Proposed Rulemaking for an Operational Resilience Framework15 March 2024Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie ThomasThe New York State Department of Financial Services Proposed Requirements for Insurers Using AI or External Data9 February 2024Eric Dinallo, Avi Gesser, Sharon Shaji SEC and FINRA Compliance Considerations for AI Use by RIAs and Broker-Dealers6 February 2024Avi Gesser, Charu Chandrasekhar, Julie Riewe, Kristin SnyderCybersecurity for Counsel Series – Collaborating with Internal Stakeholders19 December 2023Kelly Harris, Dan Sutherland, Erez Liebermann, Martha HirstWebcast: AI and Private Equity13 December 2023Avi Gesser, Charu Chandrasekhar, Michelle Huang, Kevin SchmidtSEC Cybersecurity Rules for Issuers – Part 3: Practice Guide Q&A1 December 2023Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Benjamin R. PedersenNYDFS Cybersecurity Final Amendments28 November 2023Avi Gesser, Erez Liebermann, Stephanie ThomasTips for Adopting Generative AI20 October 2023Avi Gesser, Kristin Snyder, Matt KellyCybersecurity Threats, Regulatory Developments, and the Role of Lawyers – for NY State Cyber CLE Credit19 September 2023Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez LiebermannNew York DFS Revises Proposed Amendments to Cybersecurity Rule7 July 2023Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, Stephanie ThomasThe Revised Colorado AI Insurance Regulations - What Got Fixed and What Still Needs Fixing13 June 2023Eric Dinallo, Avi Gesser, Stephanie ThomasChatGPT and Other Generative AI – Adoption, Governance, and Compliance Lessons for Insurance Companies12 May 2023Eric Dinallo, Avi Gesser, Suchita BrundageEpisode 21: Getting Ready for the New SEC Cyber Rules for RIAs and BDs21 March 2023Avi Gesser, Erez Liebermann, Julie M. Riewe, Jeff Robins, Kristin A. Snyder, Charu A. ChandrasekharEpisode 20: ChatGPT Interviews ChatGPT on the Role of ChatGPT in the Legal Profession21 February 2023Avi Gesser, Melissa Muse, Sam AllamanColorado’s Approach to AI Governance for Insurers Part V13 February 2023Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo and Anna GresselEpisode 19: From Hacker to Defender: Conversation with a Mastermind Hacker7 February 2023Erez Liebermann, Vladimir DrinkmanPredictions and Priorities for 202324 January 2023Andrew J. Ceresney, Erin Cleary, Avi Gesser, Ted Hassi, Eric T. Juergens, Arian M. June, Peter F.G. Schuur, Erica S. Weisgerber, Anna R. Gressel, Ashley YoonEpisode 18: A Conversation on AI and Hiring with EEOC Commissioner Keith Sonderling10 January 2023Keith Sonderling, Avi Gesser, Anna R. GresselColorado’s Approach to AI Governance for Insurers9 December 2022Eric Dinallo, Marshal Bozo, Avi Gesser, Anna GresselNYDFS New Draft Amendments to Part 500 Cybersecurity Rules18 November 2022Eric R. Dinallo, Avi Gesser, Erez Liebermann, Caroline N. Swett, Johanna N. SkrzypczykEthical Use of AI and the Emerging Legal Landscape22 September 2022Avi GesserSpecial Discussion with CT Insurance Commissioner Andrew Mais on AI and Big Data19 August 2022Eric Dinallo, Avi GesserNYDFS Draft Amendments to Part 500 Cybersecurity Rules5 August 2022Eric Dinallo, Luke Dembosky, Avi Gesser, Erez Liebermann, Charu ChandrasekharWhat the Recent California Bulletin Means for AI and Big Data Regulation15 July 2022Eric Dinallo, Avi Gesser, Erez Liebermann, Anna GresselEpisode 17: AI Oversight Obligations for Directors24 May 2022Avi Gesser, William D. Regner, Anna R. GresselPart III: Artificial Intelligence and Discrimination in the Insurance Industry20 May 2022Eric Dinallo, Avi Gesser, Marshal Bozzo, Anna GresselThe SEC & Cybersecurity – Spring 2022 Update19 April 2022Avi Gesser, Kristin Snyder, Charu Chandrasekhar, HJ BrehmerEpisode 16: Artificial Intelligence - Vendor Contracting and Diligence22 March 2022Avi Gesser, Anna Gressel, Tigist KassahunCybersecurity for Not-for-Profit Organizations: Tips on Preparing for, and Responding to, Cyber Attacks2 March 2022Luke Dembosky, Suchita Brundage, Mengyi XuPart II: Artificial Intelligence and Discrimination in the Insurance Industry11 February 2022Eric Dinallo, Avi Gesser, Anna Gressel, Marshal BozzoEpisode 15: Whistleblowers for Cybersecurity and Artificial Intelligence Issues – Tips for Preparation and Response16 December 2021Avi Gesser, Anna Gressel, Jyotin Hamid and Maeve O’ConnorCybersecurity and the Insurance Industry4 November 2021Avi Gesser, Benjamin Lyon, Martha Hirst and Robert MaddoxEpisode 14: Practical Tips on Managing AI Risks in the Insurance Sector - A Discussion with Alex Singla, Doug McElhaney and Liz Grennan of McKinsey 3 November 2021Avi Gesser, Anna Gressel, Alex Singla, Doug McElhaney, Liz GrennanPart I: Artificial Intelligence and Discrimination in the Insurance Industry8 October 2021Eric Dinallo, Avi Gesser, Anna Gressel, Marshal BozzoEpisode 13: The Future of Artificial Intelligence Regulation – A Recap of Recent Developments and What Companies Can Do Now to Prepare 3 May 2021Avi Gesser, Anna Gressel with guest speaker Stephen McDougallEpisode 12: Artificial Intelligence and Consumer Data - A Discussion with Kaitlin Asrow, Fintech Policy Advisor for Federal Reserve Bank of San Francisco 3 March 2021Avi Gesser, Anna Gressel, Kaitlin AsrowEpisode 11: Artificial Intelligence and Cyber Insurance – A Discussion with Stefan Toi of Aon Cyber Solutions and Marcello Antonucci of Beazley on Navigating “AI Gaps” in Cyber Insurance Coverage 6 January 2021Avi Gesser, Keith Slattery, Anna Gressel, Marcello Antonucci, Stefan ToiSupervising AI: The Role of Corporate Boards 16 November 2020Avi Gesser, Anna Gressel, Edward StrozEpisode 10: Artificial Intelligence and the Insurance Sector- A Discussion with Jon Godfread, North Dakota Commissioner of Insurance and Chair of the NAIC Artificial Intelligence Working Group 13 October 2020Avi Gesser, Anna Gressel, Jon GodfreadEpisode 9: Artificial Intelligence and Consumer Protection Risks - A Discussion with Andrew Smith, Director of the FTC's Bureau of Consumer Protection 6 August 2020Avi Gesser, Anna Gressel, Andrew SmithEpisode 8: Artificial Intelligence Regulation in the Securities Industry - A Discussion with Haimera Workie of FINRA's Office of Financial Innovation 23 July 2020Avi Gesser, Anna GresselEpisode 7 - Safeguarding Employees’ Credentials and Preventing Unauthorized Access to Sensitive Data Stored in the Cloud and on Employees’ Personal Devices. 7 July, 2020Avi Gesser, Mengyi Xu, Luke Tenery, Joe ShepleyEpisode 6: Ransomware 2.0 - A Discussion with Dave Wong of FireEye Mandiant on the Evolving Threat Landscape, Risk Mitigation Strategies, and Legal and Practical Considerations 23 June 2020Avi Gesser, HJ BrehmerEpisode 5: How to Demonstrate “Reasonable Cybersecurity Procedures” for Regulatory Inquiries and Litigation 16 June 2020Avi Gesser, Stephanie CipollaReturning to Work in the US: Key Employment Law Considerations 5 June 2020Alexander Cochran, Eric Dinallo, Avi Gesser, Jyotin Hamid, Tricia ShernoEpisode 4: Emerging Cybersecurity Issues for PE Sponsors and Portfolio Companies 21 May 2020Luke Dembosky, Avi GesserEpisode 3: Protecting Policyholder Data: Risks and lessons for insurers from the first weeks of work-from-home arrangements due to COVID-19 8 May 2020Luke Dembosky, Eric Dinallo, Avi GesserEpisode 2: Artificial Intelligence Regulation - A Discussion with Matthew Homer of the NYDFS on Reducing Risks Arising from AI Programs 21 April 2020Avi Gesser, Anna Gressel, Matthew HomerEpisode 1: Reducing Cybersecurity and Related Regulatory Risks Arising from Remote Working Arrangements 1 April 2020Luke Dembosky, Avi Gesser, Justin HerringAre You Ready for CCPA?

19 November 2019Jeremy Feigelson, Kate Saba, Warren Metlitzky Life Under GDPR: A Breach Response Scenario23 May 2017Pierre Clermontel, Luke Dembosky, Jane Shvets, Anna V. Maximenko, Dr. Friedrich Popp

Data Strategy & Security

Contacts

Featured Post

Featured Post

Featured Topic

Featured Post

Thought Leadership

Announcements

Featured Topic

Learn More