On March 23, 2025, 23andMe Holding Co. (“23andMe”) filed for bankruptcy in the Eastern District of Missouri, potentially setting in motion the sale of genetic data collected from more than 15 million people. This has led to...more
The New York State legislature passed the Health Information Privacy Act (“NYHIPA”) on January 22, 2025, marking the second state to introduce a comprehensive consumer health data law. If passed, the NYHIPA imposes more...more
3/6/2025
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Legislation ,
New York ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Privacy Laws ,
State Privacy Laws
On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial...more
3/5/2025
/ Algorithms ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Disclosure Requirements ,
New Legislation ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Virginia
On December 24, 2024 and January 13, 2025, the Oregon Attorney General’s Office and the California Attorney General’s Office published advisories (collectively, “Advisories”) explaining how existing statutes may be used to...more
2/4/2025
/ Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Protection Laws ,
Data Privacy ,
Oregon ,
Privacy Laws ,
Regulatory Oversight ,
State Privacy Laws ,
Unfair Competition ,
Unfair or Deceptive Trade Practices
Late last week, a new generative AI large language model called DeepSeek was publicly launched by two Chinese entities, the Hangzhou and Beijing DeepSeek Artificial Intelligence Cos. Ltd. DeepSeek is currently driving...more
In the final week of the Biden Administration’s term in office, former President Biden issued two high profile executive orders that could have significant ramifications for the cybersecurity and technology industries. The...more
On January 13, 2025, California Attorney General (“AG”) Rob Bonda issued an advisory describing providers’ and businesses’ obligations related to the development, sale, and use of artificial intelligence (“AI”) and automated...more
On January 7, 2025, the Department of Homeland Security released its first “Playbook for Public Sector Generative Artificial Intelligence Deployment (“Playbook”) to serve as a comprehensive guide for DHS and other public...more
On October 24, 2024, President Biden signed the first-ever National Security Memorandum (“NSM”) focused on artificial intelligence (“AI”), pursuant to subsection 4.8 of Executive Order 14110. The NSM provides guidance on...more
On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services...more
On July 30, 2024, the New York Attorney General Letitia James announced she had completed an investigation into the tracking technology practices of popular websites, and used this to create website privacy guides on online...more
On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data...more
8/12/2024
/ Anti-Discrimination Policies ,
Artificial Intelligence ,
Discrimination ,
Enforcement Priorities ,
Insurance Industry ,
NYDFS ,
Pricing ,
Regulatory Oversight ,
Risk Management ,
Transparency ,
Underwriting ,
Vendor Contacts
Our Privacy, Cyber & Data Strategy Group analyzes important guidance from the NYDFS on how insurers use external consumer data and information sources and artificial intelligence systems....more
On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security...more
Welcome to the latest edition of the Spectrum, covering hot-topic issues in the structured finance markets in the U.S. and UK. This edition features the new UK securitization regime, eHELOCs, and climate risk disclosures....more
8/7/2024
/ Asset Management ,
Blockchain ,
Capital Markets ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Due Diligence ,
Federal Trade Commission (FTC) ,
Fees ,
FHFA ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Markets ,
Financial Regulatory Reform ,
Financial Services Industry ,
Foreign Investment ,
Freddie Mac ,
Home Equity Line of Credit ,
Investors ,
Loans ,
Mortgages ,
Pilot Programs ,
Prudential Regulation Authority (PRA) ,
Securities ,
Securitization ,
UK
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
6/13/2024
/ Breach Notification Rule ,
Customer Information ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Popular ,
Reporting Requirements
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data...more
Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated...more
The White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern. This executive order is expected to be...more
On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
On November 21, 2023, the Colorado Attorney General (the “AG”) published a shortlist of potential universal opt-out mechanisms (“UOOMs”) that the AG is considering recognizing as binding under the Colorado Privacy Act (the...more
Our Privacy, Cyber & Data Strategy Group considers the nationwide repercussions of Colorado’s new regulation of insurers’ use of artificial intelligence models to prevent race-based discrimination....more
In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally...more
On July 20, 2023, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”), and the Federal Trade Commission (“FTC”) published a joint letter sent to approximately 130 hospital systems...more