Debevoise Data Blog

FEBRUARY 8, 2021

Although the letter was greeted by Acting SEC Chairman Roisman as confirmation that the “ UK GDPR does not impose legal barriers to the transfer of personal data […] directly to the SEC for regulatory or enforcement purposes ”, SEC–Regulated UK Firms may still need to scrutinise data requests and have procedures in place to ensure GDPR compliance.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

MARCH 17, 2023

Another benefit is the simplicity of the policy, which would make compliance relatively easy. Bringing offline data online for regulatory compliance or litigation may be costly, and offline data may still be subject to discovery. To subscribe to the Data Blog, please click here. Anonymizing Data after One Year.

e-discovery 52

e-discovery Compliance Litigator Litigation 52

Debevoise Data Blog

SEPTEMBER 22, 2021

According to OFAC and other industry intelligence, approximately 40% of SUEX’s transactions involve illicit actors, including nearly $13 million in transactions associated with ransomware operators since 2018. Increased Risks of Inadvertent OFAC Violations The Advisory largely tracks prior guidance, which we discussed in October 2020.

Compliance 52

Compliance Software Law Law 52

Debevoise Data Blog

MAY 28, 2024

UK ICO pushes for transparency in health and social care What happened : On 15 April 2024, the UK ICO published guidance to help organisations processing personal health and social care data to be transparent with people about how their personal information is used in accordance with the DPA 2018 and UK GDPR.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

APRIL 26, 2024

Icelandic DPA fines Subway for unlawful employee monitoring: Joining other European DPAs in increasing scrutiny on workplace monitoring, the Icelandic DPA fined Subway in a decision that highlights the requirements for GDPR compliance for businesses engaging in employee monitoring. To subscribe to the Data Blog, please click here.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

APRIL 14, 2021

Because of the violations mentioned above, the DFS also determined that National Securities falsely certified compliance with the MFA and breach notification requirements of Part 500. The DFS also makes clear that it expects full compliance with the Part 500.17(a) To subscribe to the Data Blog, please click here.

Failure-to-appear 52

Failure-to-appear Compliance Hearing Document management 52

Debevoise Data Blog

SEPTEMBER 20, 2021

million payment to settle charges for engaging in fraudulent practices and making material misrepresentations about its data use from 2014 to 2018 (the “Relevant Period”) in violation of Section 10(b) of the Securities Exchange Act of 1934 (“Exchange Act”) and Rule 10b-5 thereunder (“SEC Order”).

Due diligence 52

Due diligence Compliance Analytics Law 52

Debevoise Data Blog

JANUARY 18, 2023

On January 10, 2023, the Financial Industry Regulatory Authority (“FINRA”) published its 2023 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”), which is intended to provide member firms with key considerations and observations to use in enhancing their compliance programs.

Compliance 52

Compliance Software Analytics Law 52

Debevoise Data Blog

MAY 12, 2023

million children under 13 were allowed to use the video-sharing platform between 2018 and 2020, contrary to TikTok’s own terms of service. If the Code applies, businesses may wish to document this assessment and take steps to build compliance with the Code into existing product development and monitoring processes.

Data protection 52

Data protection Software design Machine learning Software 52

Debevoise Data Blog

JULY 27, 2021

In this Debevoise Data Blog post, we discuss these developments and provide an update on ways that companies can reduce their cybersecurity regulatory risk. To subscribe to the Data Blog, please click here. The authors would like to thank Debevoise & Plimpton Summer Associate Katie McCarty for her contribution to this blog post.

Software 52

Software Time-tracking Compliance 52

Debevoise Data Blog

FEBRUARY 28, 2022

In this Data Blog post, we discuss recent enforcement actions and regulatory requirements for getting rid of old data and offer six tips for complying with these developing obligations. A senior officer or director of the regulated entity must certify compliance with the NYDFS Cyber Rules annually, including the data minimization obligation.

e-filing 52

e-filing Compliance Litigator Litigation 52

Debevoise Data Blog

MARCH 11, 2021

For core cybersecurity issues, the SEC’s actions against Voya Financial Advisors (“VFA”) (2018) and Options Clearing Corp and Virtu Americas LLC (“Virtu”) (2019) remain the key benchmarks for understanding its enforcement priorities. The system did not work and Virtu’s ATS volume required compliance with Regulation SCI.

Compliance 52

Compliance Data protection Attorney 52

Clio

JANUARY 30, 2024

Check out our blog post on understanding HIPAA compliance for more information. GDPR : To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulations (GDPR). So, it may be a good idea to learn more about GDPR. Are they compliant?

Law firm 98

Law firm Law Law Due diligence 98

Ron Friedmann

JUNE 17, 2020

This is a live blog post of Microsoft’s Trusted Advisor Forum on Innovation webinar on 17 June 2020. Many ideas have arisen from social events and hallways conversations in the first live event in 2018. That would have been a big event, bigger than the 2018 first one. I post this as the session ends. It had to be cancelled.

Time-tracking 130

Time-tracking e-discovery Analytics Law firm 130

Debevoise Data Blog

OCTOBER 6, 2022

The settlement also underscores that Reg S-P enforcement remains a priority for the Commission, which as discussed in our Data Blog post , brought a series of Reg S-P actions just last year. Assurance from vendors about the handling and destruction of consumer PII and consumer report information may not be sufficient for Reg S-P compliance.

Compliance 40

Compliance 40

Debevoise Data Blog

OCTOBER 12, 2021

The model is a self-assessment tool to help companies evaluate their data protection compliance and determine how to improve their data management. While the model does not guarantee GDPR compliance, it may help companies align themselves with the regulator’s latest expectations. These developments, and more, covered below.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

new tech law blog

DECEMBER 2, 2022

Time to check GDPR compliance Failure to conclude agreements based on the new standard contractual clauses could lead to a situation in which transfers are made without adequate safeguards, and therefore in violation of the GDPR.

Data protection 52

Data protection Compliance Court 52

Eric Goldman

MARCH 29, 2023

Step Two: The CCB does a compliance review of the filed claim to determine if the claim qualifies for the CCB. Others have dropped out because they did not pass the compliance review, the respondent opted out, or for other reasons). On June 4, 2018, Oppenheimer found his image on Prutton’s website. Here are some highlights.

e-filing 95

e-filing Court Failure-to-appear Dispute resolution 95

Debevoise Data Blog

AUGUST 7, 2023

Issuers should consider developing a well-informed and deliberative process to support the materiality analysis well before an incident occurs; adherence to internal practices and disclosure controls and procedures will aid issuers in establishing good faith compliance with the disclosure obligation. The Final Rules are available here.

Time-tracking 40

Time-tracking Compliance Document management Litigator 40

Colin S. Levy

JANUARY 29, 2024

Fast forward to 2018, and I made plans to start my legal design business. I hope it will help businesses transition to automated systems faster (like CLM, contract drafting, and compliance apps). I was frustrated and exhausted from working as a traditional lawyer and litigator. I also expect to see more legal tech and design combined.

Legal tech 59

Legal tech Legal tech Lawyer Litigator 59

LawSites

DECEMBER 29, 2021

Here are my prior years’ lists of the most important developments: 2020 , 2018 , 2016 , 2015 , 2014 , 2013. My blog post explaining my reasons for pulling out was my most-read post of 2021 , which suggests that many others were themselves debating whether to attend. For 2019, I replaced the year-end list with a decade-end list.

Legal tech 140

Legal tech Legal tech Practice management e-filing 140

Debevoise Data Blog

SEPTEMBER 30, 2021

Almost everyone working in cybersecurity compliance is aware that each U.S. In this Debevoise Data Blog post, we examine the general cybersecurity obligations under state law, including common themes and recent developments. These states are included in a table at the end of this blog post. Compliance with an Industry Framework.

State law 52

State law Law Law Compliance 52

Debevoise Data Blog

NOVEMBER 24, 2020

Companies subject to the GDPR should consider all three actions in assessing their data protection compliance. The Ticketmaster penalty notice states that on 10 February 2018, an attacker injected malicious code into a customer service “chatbot” used on Ticketmaster websites, including payment processing pages. What Happened?

Data protection 52

Data protection Compliance Failure-to-appear Software 52

Ikigai Law

JULY 4, 2023

In 2018, RBI mandated that payment system data must be stored locally. Finshots ] Save Now, Pay Later (SNPL)- An emerging business model in Fintech [ Credgenics Blogs ] Fintech Global: Will AI take over the regulation and compliance in the future? So, RBI finally greenlit FLDG arrangements in the June 8 guidelines.

e-filing 52

e-filing e-records Court Law 52

Debevoise Data Blog

DECEMBER 19, 2022

As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2022 by page views. If you are not already a Blog subscriber, click here to sign up. Notably, these are the first Reg S-ID cases the SEC has brought since 2018, when the Commission brought its first-ever Reg S-ID action.

Compliance 52

Compliance Law Law 52

3 Geeks and a Law Blog

MAY 12, 2023

The last time I did stand up, I think it was 2018. Greg Lambert 3:08 Do you ever do some, just some walk up? There’s some open mics anymore. Nathan Walter 3:13 I haven’t in a while. I did the Parent Teacher Association of Orange County, California annual comedy event. And it went great. It was a lot of fun. But that’s far and away.

Lawyer 130

Lawyer Litigator Litigation Time-tracking 130

LawSites

DECEMBER 29, 2021

Here are my prior years’ lists of the most important developments: 2020 , 2018 , 2016 , 2015 , 2014 , 2013. My blog post explaining my reasons for pulling out was my most-read post of 2021 , which suggests that many others were themselves debating whether to attend. For 2019, I replaced the year-end list with a decade-end list.

Legal tech 52

Legal tech Legal tech Practice management e-filing 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

FEBRUARY 27, 2024

The ICO intends to share a series of chapters, over the coming months, examining the impact of UK GDPR and the Data Protection Act 2018 on AI development. Such businesses may wish to assess their compliance strategies well in advance of the mid-2025 enforcement deadline to allow sufficient time for technical and operational adjustments.

Data protection 52

Data protection Compliance Court e-records 52

Debevoise Data Blog

OCTOBER 10, 2022

The draft proposal has a long road ahead before it would become law and, if and when passed, has a proposed two-year time frame for manufacturers to come into full compliance. To subscribe to the Data Blog, please click here. What to do : Nothing immediate.

Data protection 52

Data protection Analytics Software Compliance 52

Debevoise Data Blog

NOVEMBER 2, 2022

What to do : Entities should check whether they are subject to the DSA as soon as possible and, if they are, start considering how to implement a compliance program to ensure DSA-readiness by February 2024 or, for VLOPs and VLOSEs, potentially on shorter notice. In 2018, the U.S. authorised the U.S.

Data protection 52

Data protection Compliance Machine learning Court 52

Eric Goldman

MARCH 5, 2023

The non-mutuality of the disclosure exposes the FDA’s residual bias: it still treats cowmilk as the baseline even though it’s an anachronism of a prior American diet/culture, one the FDA is sticking to despite the fact that Americans are already widely out of compliance with its recommended consumptions.

Compliance 88

Compliance Law Law 88

Berkley Technology Law Journal

NOVEMBER 18, 2022

This was even more open to debate, if there is a third violation, the DMA says this is a systematic non-compliance and therefore we should even have stricter fines and the strictest fine can even be that we break up the company. But we already have, since 2018, a data portability rule in the general data protection regulation.

Law 40

Law Law Data protection Court 40

Debevoise Data Blog

MARCH 16, 2023

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018. To subscribe to our Data Blog, click here.

Software 52

Software Defendant Failure-to-appear Compliance 52