New York City (NYC) has delayed to April 15, 2023 the enforcement of its first-of-its-type law on bias in artificial intelligence (AI) tools used in employment. Local Law 144 of 2021 prohibits employers in NYC from using...more
2/16/2023
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Corporate Counsel ,
EEO-1 ,
Employer Liability Issues ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
Job Applicants ,
Proposed Rules ,
Unconscious Bias
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...more
2/10/2023
/ California Consumer Privacy Act (CCPA) ,
Data Security ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
NAIC ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Rules ,
Working Groups
In a groundbreaking decision, the Federal Trade Commission (FTC) announced it was diagnosing GoodRx’s use of tracking pixel codes and analytics, its digital strategy, as not only an unfair or deceptive act or abusive practice...more
2/9/2023
/ Behavioral Advertising ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Data Breach ,
Data-Sharing ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internal Controls ,
Microsoft ,
Personal Information ,
Pharmacies ,
PHI ,
Sensitive Personal Information ,
Social Networks ,
UDAP ,
Unfair or Deceptive Trade Practices
On January 26, 2023, the National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (AI RMF or Framework.) The AI RMF is a resource for organizations designing, developing, deploying, or...more
Lloyds Market Bulletin Y5381 -
Back in March 2022, we detailed the significant risks to both insureds and insurers posed by unclear cyber insurance policy wordings, with a particular focus on war exclusion clauses in the...more
Recently, US companies are experiencing a surging wave of consumer class action lawsuits alleging businesses and their software providers are violating state anti-wiretapping statutes and invading consumers’ privacy rights...more
On October 4, 2022, the White House Office of Science and Technology Policy (OSTP) issued the Blueprint for an AI Bill of Rights (the Blueprint), which lays out guidelines for companies to use to protect the public...more
On September 27, 2022, 15 broker-dealers and one investment adviser agreed to pay more than $1.8 billion in total civil penalties to the US Securities and Exchange Commission (SEC), and, for those same companies or affiliates...more
10/5/2022
/ Broker-Dealer ,
CFTC ,
Civil Monetary Penalty ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Electronic Communications ,
Enforcement Actions ,
Financial Industry Regulatory Authority (FINRA) ,
Futures Commission Merchants (FCMs) ,
Investment Adviser ,
New Guidance ,
Securities and Exchange Commission (SEC) ,
Swap Dealers ,
Swaps ,
Text Messages
Experts estimate that within the next decade or so, adversaries will have the capacity to use quantum computing to break the encryption on virtually all existing digital databases. This is why it is highly significant...more
On July 8, 2022, the California Privacy Protection Agency (the CPPA) officially began the formal rulemaking process for the California Privacy Rights Act (CPRA). The CPPA identified three primary goals for the rulemaking...more
On June 16, 2022, the Federal Trade Commission (FTC) issued a strongly worded report to Congress, “Combatting Online Harms Through Innovation,” warning that policymakers must use “great caution” when mandating the use of...more
Senators Kirsten Gillibrand (D-NY) and Cynthia Lummis (R- WY) introduced new proposed legislation on June 7, 2022, which would classify the vast majority of digital assets as commodities, and empower the Commodities Futures...more
6/14/2022
/ CFTC ,
Commodities ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Digital Assets ,
Environmental Social & Governance (ESG) ,
FERC ,
FinTech ,
Infrastructure Investment and Jobs Act (IIJA) ,
Investment Contract ,
NIST ,
Proposed Legislation ,
Securities and Exchange Commission (SEC)
Connecticut’s new consumer privacy law imposes enhanced privacy disclosures and assessment requirements on businesses, and provides consumer rights similar to those in Europe’s GDPR, the California Privacy Rights Act (CPRA),...more
5/18/2022
/ Consumer Privacy Rights ,
Data Privacy ,
Exemptions ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
Welcome to the latest edition of Updata!
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team - it provides you with a compilation of key privacy and cybersecurity...more
On March 24, 2022, the Utah governor signed a consumer privacy law (the Utah Consumer Privacy Act, UCPA), marking the fourth state law to create enhanced data privacy rights and protections for consumers. The law will go into...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), passed as part of the omnibus spending bill on March 15, 2022, will require critical infrastructure companies - which could include financial...more
Companies should be aware that, as a result of increasing geopolitical instability, there is a heightened risk of cyber-attacks. Particularly in light of the Merck case, they should therefore consider closely examining the...more
3/16/2022
/ Commercial Insurance Policies ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Malware ,
Military Conflict ,
Policy Exclusions ,
Policy Terms ,
Russia ,
Ukraine
In an Executive Order (EO) issued March 9, 2022, President Joseph Biden set out the guiding principles for US policy on digital assets and digital asset regulation, including US policy with respect to a US Central Bank...more
The Securities and Exchange Commission (SEC) has joined a host of other regulators in doubling down on efforts to protect against the rapidly intensifying cyber threats - with important implications for all SEC-registered...more
The US Department of the Treasury (Treasury) has released the results of its review of economic and financial sanctions first announced in December 2020 by then President-elect Biden (Report). From that review, Treasury has...more
On September 21, 2021, the US Department of the Treasury took actions in response to the increasing prevalence and severity of ransomware attacks in the United States and address the central role that virtual currency and...more
9/27/2021
/ Currency Exchange ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Digital Currency ,
Economic Sanctions ,
Enforcement Actions ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
SDN List ,
U.S. Treasury ,
Virtual Currency
On July 9, 2021, President Biden signed the Executive Order on Promoting Competition in the American Economy. The Order, breathtaking in scope, asserts as a key goal the desire to improve the lives of consumers through...more
7/21/2021
/ Anti-Competitive ,
Biden Administration ,
Competition ,
Consumer Financial Protection Bureau (CFPB) ,
Department of Agriculture ,
Department of Health and Human Services (HHS) ,
Dodd-Frank ,
Employer Liability Issues ,
Employment Contract ,
Executive Orders ,
FCC ,
Federal Reserve ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Insurance Industry ,
Non-Compete Agreements ,
Popular ,
Regulatory Agencies ,
Restrictive Covenants ,
Technology Sector ,
Unfair Labor Practices
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
7/16/2021
/ Adequacy Requirement ,
China ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Protection Authority ,
Data Retention ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
Personal Data ,
Proposed Legislation ,
Russia ,
Social Media ,
Spain ,
Standard Contractual Clauses ,
UK
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more
7/15/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Protection ,
Data Subjects Rights ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Jurisdiction ,
Personal Data ,
Sensitive Personal Information ,
Standard Contractual Clauses ,
State Privacy Laws ,
Statutory Violations
While there are efforts afoot to broaden the impact and reach of US law on hackers, particularly with the US Department of Justice (the DOJ) planning to coordinate ransomware attack investigations with similar protocols it...more