In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission regarding data and AI.
U.S. Department of Commerce Set to Issue New Cryptographic Standards
To address the evolving cybersecurity threats posed by quantum computing, the National Institute of Standards and Technology (NIST) has announced that it will issue three new types of encryption algorithms as soon as July 2024. In a recent statement, White House Deputy National Security Adviser Anne Neuberger detailed the threats caused by quantum computing, noting that its ability to perform calculations in parallel—rather than sequentially—vastly accelerates processing and could eradicate encryption systems. These developments are part of a continued federal effort to prepare for the arrival of a quantum computer. In 2022, the U.S. Senate passed the Quantum Computing Cybersecurity Preparedness Act, which sought to address some of the threats to cryptography by enabling government agencies to require contracted companies to adhere to NIST standards.
SEC Provides New Guidance on Voluntary Cybersecurity Breach Reporting
On May 21, 2024, the Securities and Exchange Commission (SEC) issued a statement advising companies to separately file material cybersecurity events under a special type of filing, known as a Form 8-K Item 1.05. The SEC has cautioned that companies should only use the Form 8-K Item 1.05 for breaches that will materially alter their financial results, or that investors expect to be financially significant. In tandem with this guidance, the SEC has advised companies to use a separate type of form 8-K for any voluntary reports regarding immaterial cybersecurity breaches.
CFPB Looks to Limit Information in Credit Reports
The Consumer Financial Protection Bureau (CFPB) may soon ban medical bills and other forms of consumer financial data from credit reports. Earlier this month, Rohit Chopra, head of the CFPB, signaled that the agency could issue several rewrites to rules implementing the 1970 Fair Credit Reporting Act. Although three of the largest credit reporting agencies (TransUnion, Equifax and Experian) have already voluntarily removed most medical debt from credit reports, the CFPB aims to codify this requirement in the coming months.
Department of Commerce Announces Plans for U.S. Artificial Intelligence Safety Institute
On May 21, 2024, the U.S. Department of Commerce released a strategic vision for the U.S. Artificial Intelligence Safety Institute (AISI). Housed within the National Institute of Standards and Technology, AISI is a relatively new organization designed to assist NIST with implementing its priorities under President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. AISI will work to develop science-based metrics, tools and guidelines for government and the public to utilize AI models, mitigate identified risks and promote safe AI innovation. In addition to promoting the adoption of AISI guidelines and AI safety measures, the strategic vision statement detailed AISI plans to develop an international network among AI safety institutes, national research organizations, and multilateral entities like the OECD and G7.
Biden-Harris Administration Unveils Key Steps to Protect Workers from AI Risks
In a statement released on May 16, 2024, the Biden-Harris Administration announced a set of principles applicable to the development and deployment of AI systems in the workplace. The U.S. Department of Labor established the principles pursuant to President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development of Artificial Intelligence. The principles aim to promote employment and worker rights throughout AI deployments and to ensure the responsible use of worker data by AI systems. Technology companies Microsoft and Indeed have already committed to adopt the principles.
[View source.]
