On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services...more
On July 30, 2024, the New York Attorney General Letitia James announced she had completed an investigation into the tracking technology practices of popular websites, and used this to create website privacy guides on online...more
On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data...more
8/12/2024
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Discrimination ,
Enforcement Priorities ,
Insurance Industry ,
NYDFS ,
Pricing ,
Regulatory Oversight ,
Risk Management ,
Transparency ,
Underwriting ,
Vendor Contacts
Our Privacy, Cyber & Data Strategy Group analyzes important guidance from the NYDFS on how insurers use external consumer data and information sources and artificial intelligence systems....more
On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security...more
Welcome to the latest edition of the Spectrum, covering hot-topic issues in the structured finance markets in the U.S. and UK. This edition features the new UK securitization regime, eHELOCs, and climate risk disclosures....more
8/7/2024
/ Asset Management ,
Blockchain ,
Capital Markets ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Due Diligence ,
Federal Trade Commission (FTC) ,
Fees ,
FHFA ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Markets ,
Financial Regulatory Reform ,
Financial Services Industry ,
Foreign Investment ,
Freddie Mac ,
Home Equity Line of Credit ,
Investors ,
Loans ,
Mortgages ,
Pilot Programs ,
Prudential Regulation Authority (PRA) ,
Securities ,
Securitization ,
UK
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
6/13/2024
/ Breach Notification Rule ,
Customer Information ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Popular ,
Reporting Requirements
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data...more
Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated...more
The White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern. This executive order is expected to be...more
On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
On November 21, 2023, the Colorado Attorney General (the “AG”) published a shortlist of potential universal opt-out mechanisms (“UOOMs”) that the AG is considering recognizing as binding under the Colorado Privacy Act (the...more
Our Privacy, Cyber & Data Strategy Group considers the nationwide repercussions of Colorado’s new regulation of insurers’ use of artificial intelligence models to prevent race-based discrimination....more
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
On July 20, 2023, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”), and the Federal Trade Commission (“FTC”) published a joint letter sent to approximately 130 hospital systems...more
Corporate legal departments are increasingly receiving requests from business clients to use ChatGPT or similar “generative AI” tools in their operations. These requests can be urgent, with business clients demanding...more
Nearly every website has some means of tracking user data to fix bugs and improve the user experience. The plaintiffs’ bar has been actively filing class actions alleging many of these technologies illegally collect user...more
Artificial intelligence (AI) is expanding into more industries (often in surprising ways) and has inevitably caught the attention of federal and state regulators. Our Privacy, Cyber & Data Strategy Team summarizes the...more
12/12/2022
/ Algorithms ,
Artificial Intelligence ,
Corporate Counsel ,
Data Processors ,
Data Protection ,
Federal Trade Commission (FTC) ,
FinTech ,
Health Technology ,
Machine Learning ,
Medical Devices ,
NIST ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Risk Assessment ,
Technology Sector
Yesterday, October 17, 2022, the California Privacy Protection Agency (“CPPA”) published its first set of Modified Proposed Regulations under the California Privacy Rights Act (“CPRA”). The Modified Regulations have been...more
Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks....more
The Federal Trade Commission has issued new guidance under which consumers or companies should be notified of data breaches “regardless of whether a breach notification law applies.” Our Consumer Protection/FTC Team analyzes...more
On January 26, 2022, the Georgia General Assembly introduced a bill titled the Georgia Computer Data Privacy Act (GCDPA). Despite its title, the GCDPA is not a “computer”-focused bill. It is instead is an omnibus privacy...more
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests...more
Today, the European Commission published finalized versions of new Standard Contractual Clauses (SCCs). The Commission has published two sets of clauses....more