Tag Archives: Lisa Zornberg

First Enforcement Action by New York DFS Under Its Cyber Rules Shows Where Companies Face Regulatory Risk – Six Quick Takeaways

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Lisa Zornberg, Zila Reyes Acosta-Grimes, Michael Bloom, Christopher S. Ford, and Mengyi Xu

The New York State Department of Financial Services (“DFS”) issued a Statement of Charges and Notice of Hearing (PDF: 278 KB) (the “Charges”) on July 21, 2020 against First American Title Insurance Company (“First American”) for multiple violations of the DFS Part 500 Cybersecurity Regulation (PDF: 97.4 KB) (the “Regulation”), including:

    • Failure to perform an adequate risk assessment
    • Failure to maintain proper access controls
    • Failure to provide adequate security training for cybersecurity employees
    • Failure to encrypt certain nonpublic information

The Charges carry potential penalties of up to $1,000 per violation, and in its press release, the DFS asserts that each instance of nonpublic information that was accessed by an unauthorized person constitutes a separate violation. The Charges allege that hundreds of millions of documents were at risk, more than 350,000 documents were accessed without authorization, and a sample of 1,000 documents found that 30% contained nonpublic information.

Debevoise Coronavirus Checklists—Cybersecurity

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Lisa Zornberg, Tricia Bozyk Sherno, Hilary Davidson, and Christopher S. Ford

As companies dust off their Business Continuity Plans to prepare for possible disruptions and remote working due to COVID-19, here are 10 cybersecurity considerations to add to the list of preparations:

Fifteen Ways to Reduce Regulatory and Reputational Risks for Your AI-Powered Applications – Lessons from Recent Court Decisions and Regulatory Activity

by Avi Gesser, Henry Lebowitz, Jeffrey P. Cunard, Jim Pastore, Lisa Zornberg, Luke Dembosky, Anna R. Gressel, and Steve Tegrar

It is only February, but, so far, 2020 looks like it is going to be the year that courts and regulators look seriously at artificial intelligence (“AI”).

Recent developments in both Europe and the United States provide some insight into where AI is likely to face tough scrutiny and ways to mitigate risks of using AI.

DOJ Updates Guidance on Evaluating Corporate Compliance Programs

by Matthew L. Biben, Kara Brockmeyer, Helen V. Cantwell, Andrew J. Ceresney, Andrew M. Levine, David A. O’Neil, David Sarratt, Jonathan R. Tuttle, Mary Jo White, Bruce E. Yannett, Lisa Zornberg, Ryan M. Kusmin, and Jil Simon

On April 30, 2019, Assistant Attorney General Brian Benczkowski announced an updated version of the Evaluation of Corporate Compliance Programs (the “Updated Guidance”).[1] This Updated Guidance supersedes a document of the same name that the Fraud Section of DOJ’s Criminal Division published online in February 2017 without any formal announcement (the “2017 Guidance”). Although not breaking much new ground, we believe the Updated Guidance can serve as a valuable resource for those grappling with how best to design, implement, and monitor an effective corporate compliance program.

In contrast to the 2017 Guidance—which listed dozens of questions to consider in evaluating a compliance program without providing much context—the Updated Guidance employs a more holistic approach. It focuses on three fundamental questions drawn from the Justice Manual:

  • Is the corporation’s compliance program well designed?
  • Is the program implemented effectively?
  • Does the program work in practice?[2]
