Debevoise’s Data Strategy & Security practice provides a collaborative approach to help clients navigate their business-critical privacy, data protection and data security issues.
Luke Dembosky
Avi Gesser
Erez Liebermann
Jim Pastore
Charu Chandrasekhar
Kristin Snyder
Matthew Kelly
Robert Maddox
Johanna Skrzypczyk
Anna Moody
Achieving Sensible AI Regulation
NYDFS Publishes Revised Amendments to Its Cybersecurity Regulation – What Got Fixed, and What Still Needs Fixing
Debevoise Data Blog
The New York Attorney General Issues Guidance on Data Security Best Practices
Ranked as a leading firm in the U.S. for Privacy & Data Security by Chambers Global.
Ransomware attacks are very complex and sophisticated; however, this group is able to break down this complexity in a tangible way.
The team has spectacular subject matter expertise.
It is a strong firm with a nice team for data governance, cyber incidents and crisis response.
—Chambers Global, 2022-2024
Debevoise is ranked by The Legal 500 US (2024) as a leading firm for Cyber Law, Data Privacy and Data Protection.
A broad team with in-depth knowledge of cyber law. Extremely good experience in the field.
Debevoise has some of the finest legal minds I know working in this area.
The expertise of the lawyers at Debevoise is unmatched. They have some of the most experienced lawyers in the trade.
The team’s breadth of knowledge stands out; I would consider them not just practitioners, experts in the field.
—The Legal 500 US, 2021-2024
Ranked as a leading firm for Privacy & Data Security.
The depth of the group’s experience and the reach of their contacts within the industry are invaluable.
They are really superb lawyers, for super complex matters, they have a group that you can just totally rely upon. The lead partners there are phenomenal.
—Chambers USA, 2021-2024
Debevoise Data Strategy & Security Brochure
The Debevoise Data Strategy & Security (DSS) practice is global and interdisciplinary—combining our cyber incident response, data privacy, artificial intelligence, regulatory counseling and defense, business continuity, M&A diligence, national security and data governance practices into one fully integrated and coordinated group.
We advise leading companies on responding to ransomware and other cybersecurity events, including regulatory inquiries and civil litigation. Because we are constantly leading responses to significant cyber, privacy and AI incidents, we are able to channel that deep experience into helping our clients to improve their regulatory compliance, preparations and resilience. We regularly advise boards of the world’s largest companies on their cybersecurity and AI oversight obligations. Based on our incident response work, we regularly assess our clients’ cyber incident preparation, as well as advise on privacy and AI policies, processes, training and resources, to equip our clients to more effectively respond to the latest challenges in these rapidly evolving areas. We also routinely work with clients on proactive cyber, privacy and AI regulatory compliance in the U.S. and abroad, and defend clients in matters involving these issues before the U.S. DOJ, SEC, FINRA, NYDFS, U.S. state attorneys general and data protection and financial regulatory authorities around the world.
We also advise our clients on their overall data strategy, such as how to manage, protect and optimize their data, including through the use of artificial intelligence. Our integrated strategic advice on data includes both legal and technical assistance with the data issues that arise in M&A diligence, licensing and vendor contracting. We work with clients across the globe to prepare for, and respond to, significant data breaches and related investigations and litigation. In addition to our U.S. offices, we serve clients on these issues from offices strategically located in the United Kingdom, France, Germany, China, and Hong Kong. We regularly work on data advisory matters that involve a wide range of other non-U.S. jurisdictions, including the EU and EEA, Japan, Singapore, Brazil, Canada, Colombia and Argentina, among many others. We also identify existing and proposed laws and standards in the U.S. and around the world that will impact our clients’ use of data, including regulations and guidance relating to cybersecurity, privacy, AI, data minimization, records retention, document discovery and data governance.
Final Requirements for Insurers Using AI or External Data from the NYDFS
26 July 2024
Eric Dinallo, Avi Gesser, Sharon Shaji
DORA: Key Challenges for the Insurance Sector Under the EU Digital Operational Resilience Act
23 May 2024
Clare Swirski, Robert Maddox, Martha Hirst
AI in Consumer Finance: Regulatory Considerations
20 May 2024
Courtney Dankworth, Matt Kelly, Jehan Patterson
Discussion of the Treasury AI/Cyber Report
29 April 2024
CISA Proposes Major Reporting Obligations for Critical Infrastructure
22 April 2024
Luke Dembosky, Erez Liebermann, H Jacqueline Brehmer
The Rise in AI Regulation: What to Expect & How to Prepare
18 March 2024
Avi Gesser, Martha Hirst
CFTC Proposed Rulemaking for an Operational Resilience Framework
15 March 2024
Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie Thomas
The New York State Department of Financial Services Proposed Requirements for Insurers Using AI or External Data
9 February 2024
SEC and FINRA Compliance Considerations for AI Use by RIAs and Broker-Dealers
6 February 2024
Avi Gesser, Charu Chandrasekhar, Julie Riewe, Kristin Snyder
Cybersecurity for Counsel Series – Collaborating with Internal Stakeholders
19 December 2023
Kelly Harris, Dan Sutherland, Erez Liebermann, Martha Hirst
Webcast: AI and Private Equity
13 December 2023
Avi Gesser, Charu Chandrasekhar, Michelle Huang, Kevin Schmidt
SEC Cybersecurity Rules for Issuers – Part 3: Practice Guide Q&A
1 December 2023
Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Benjamin R. Pedersen
NYDFS Cybersecurity Final Amendments
28 November 2023
Avi Gesser, Erez Liebermann, Stephanie Thomas
Tips for Adopting Generative AI
20 October 2023
Avi Gesser, Kristin Snyder, Matt Kelly
Cybersecurity Threats, Regulatory Developments, and the Role of Lawyers – for NY State Cyber CLE Credit
19 September 2023
Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann
New York DFS Revises Proposed Amendments to Cybersecurity Rule
7 July 2023
Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, Stephanie Thomas
The Revised Colorado AI Insurance Regulations - What Got Fixed and What Still Needs Fixing
13 June 2023
Eric Dinallo, Avi Gesser, Stephanie Thomas
ChatGPT and Other Generative AI – Adoption, Governance, and Compliance Lessons for Insurance Companies
12 May 2023
Eric Dinallo, Avi Gesser, Suchita Brundage
Episode 21: Getting Ready for the New SEC Cyber Rules for RIAs and BDs
21 March 2023
Avi Gesser, Erez Liebermann, Julie M. Riewe, Jeff Robins, Kristin A. Snyder, Charu A. Chandrasekhar
Episode 20: ChatGPT Interviews ChatGPT on the Role of ChatGPT in the Legal Profession
21 February 2023
Avi Gesser, Melissa Muse, Sam Allaman
Colorado’s Approach to AI Governance for Insurers Part V
13 February 2023
Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo and Anna Gressel
Episode 19: From Hacker to Defender: Conversation with a Mastermind Hacker
7 February 2023
Erez Liebermann, Vladimir Drinkman
Predictions and Priorities for 2023
24 January 2023
Andrew J. Ceresney, Erin Cleary, Avi Gesser, Ted Hassi, Eric T. Juergens, Arian M. June, Peter F.G. Schuur, Erica S. Weisgerber, Anna R. Gressel, Ashley Yoon
Episode 18: A Conversation on AI and Hiring with EEOC Commissioner Keith Sonderling
10 January 2023
Keith Sonderling, Avi Gesser, Anna R. Gressel
Colorado’s Approach to AI Governance for Insurers
9 December 2022
Eric Dinallo, Marshal Bozo, Avi Gesser, Anna Gressel
NYDFS New Draft Amendments to Part 500 Cybersecurity Rules
18 November 2022
Eric R. Dinallo, Avi Gesser, Erez Liebermann, Caroline N. Swett, Johanna N. Skrzypczyk
Ethical Use of AI and the Emerging Legal Landscape
22 September 2022
Special Discussion with CT Insurance Commissioner Andrew Mais on AI and Big Data
19 August 2022
Eric Dinallo, Avi Gesser
NYDFS Draft Amendments to Part 500 Cybersecurity Rules
5 August 2022
Eric Dinallo, Luke Dembosky, Avi Gesser, Erez Liebermann, Charu Chandrasekhar
What the Recent California Bulletin Means for AI and Big Data Regulation
15 July 2022
Eric Dinallo, Avi Gesser, Erez Liebermann, Anna Gressel
Episode 17: AI Oversight Obligations for Directors
24 May 2022
Avi Gesser, William D. Regner, Anna R. Gressel
Part III: Artificial Intelligence and Discrimination in the Insurance Industry
20 May 2022
Eric Dinallo, Avi Gesser, Marshal Bozzo, Anna Gressel
The SEC & Cybersecurity – Spring 2022 Update
19 April 2022
Avi Gesser, Kristin Snyder, Charu Chandrasekhar, HJ Brehmer
Episode 16: Artificial Intelligence - Vendor Contracting and Diligence
22 March 2022
Avi Gesser, Anna Gressel, Tigist Kassahun
Cybersecurity for Not-for-Profit Organizations: Tips on Preparing for, and Responding to, Cyber Attacks
2 March 2022
Luke Dembosky, Suchita Brundage, Mengyi Xu
Part II: Artificial Intelligence and Discrimination in the Insurance Industry
11 February 2022
Eric Dinallo, Avi Gesser, Anna Gressel, Marshal Bozzo
Episode 15: Whistleblowers for Cybersecurity and Artificial Intelligence Issues – Tips for Preparation and Response
16 December 2021
Avi Gesser, Anna Gressel, Jyotin Hamid and Maeve O’Connor
Cybersecurity and the Insurance Industry
4 November 2021
Avi Gesser, Benjamin Lyon, Martha Hirst and Robert Maddox
Episode 14: Practical Tips on Managing AI Risks in the Insurance Sector - A Discussion with Alex Singla, Doug McElhaney and Liz Grennan of McKinsey
3 November 2021
Avi Gesser, Anna Gressel, Alex Singla, Doug McElhaney, Liz Grennan
Part I: Artificial Intelligence and Discrimination in the Insurance Industry
8 October 2021
Episode 13: The Future of Artificial Intelligence Regulation – A Recap of Recent Developments and What Companies Can Do Now to Prepare
3 May 2021
Avi Gesser, Anna Gressel with guest speaker Stephen McDougall
Episode 12: Artificial Intelligence and Consumer Data - A Discussion with Kaitlin Asrow, Fintech Policy Advisor for Federal Reserve Bank of San Francisco
3 March 2021
Avi Gesser, Anna Gressel, Kaitlin Asrow
Episode 11: Artificial Intelligence and Cyber Insurance – A Discussion with Stefan Toi of Aon Cyber Solutions and Marcello Antonucci of Beazley on Navigating “AI Gaps” in Cyber Insurance Coverage
6 January 2021
Avi Gesser, Keith Slattery, Anna Gressel, Marcello Antonucci, Stefan Toi
Supervising AI: The Role of Corporate Boards
16 November 2020
Avi Gesser, Anna Gressel, Edward Stroz
Episode 10: Artificial Intelligence and the Insurance Sector- A Discussion with Jon Godfread, North Dakota Commissioner of Insurance and Chair of the NAIC Artificial Intelligence Working Group
13 October 2020
Avi Gesser, Anna Gressel, Jon Godfread
Episode 9: Artificial Intelligence and Consumer Protection Risks - A Discussion with Andrew Smith, Director of the FTC's Bureau of Consumer Protection
6 August 2020
Avi Gesser, Anna Gressel, Andrew Smith
Episode 8: Artificial Intelligence Regulation in the Securities Industry - A Discussion with Haimera Workie of FINRA's Office of Financial Innovation
23 July 2020
Avi Gesser, Anna Gressel
Episode 7 - Safeguarding Employees’ Credentials and Preventing Unauthorized Access to Sensitive Data Stored in the Cloud and on Employees’ Personal Devices.
7 July, 2020
Avi Gesser, Mengyi Xu, Luke Tenery, Joe Shepley
Episode 6: Ransomware 2.0 - A Discussion with Dave Wong of FireEye Mandiant on the Evolving Threat Landscape, Risk Mitigation Strategies, and Legal and Practical Considerations
23 June 2020
Avi Gesser, HJ Brehmer
Episode 5: How to Demonstrate “Reasonable Cybersecurity Procedures” for Regulatory Inquiries and Litigation
16 June 2020
Avi Gesser, Stephanie Cipolla
Returning to Work in the US: Key Employment Law Considerations
5 June 2020
Alexander Cochran, Eric Dinallo, Avi Gesser, Jyotin Hamid, Tricia Sherno
Episode 4: Emerging Cybersecurity Issues for PE Sponsors and Portfolio Companies
21 May 2020
Luke Dembosky, Avi Gesser
Episode 3: Protecting Policyholder Data: Risks and lessons for insurers from the first weeks of work-from-home arrangements due to COVID-19
8 May 2020
Luke Dembosky, Eric Dinallo, Avi Gesser
Episode 2: Artificial Intelligence Regulation - A Discussion with Matthew Homer of the NYDFS on Reducing Risks Arising from AI Programs
21 April 2020
Avi Gesser, Anna Gressel, Matthew Homer
Episode 1: Reducing Cybersecurity and Related Regulatory Risks Arising from Remote Working Arrangements
1 April 2020
Luke Dembosky, Avi Gesser, Justin Herring
Are You Ready for CCPA? 19 November 2019
Jeremy Feigelson, Kate Saba, Warren Metlitzky
Life Under GDPR: A Breach Response Scenario
23 May 2017
Pierre Clermontel, Luke Dembosky, Jane Shvets, Anna V. Maximenko, Dr. Friedrich Popp