Privacy, Data and Cybersecurity Quick Clicks | Issue 19

Christopher Cole, David Dickstein, Nicholas Gervasi, Michael Justus, Susan Light, Richard Marshall, Trisha Sircar
Katten Muchin Rosenman LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.

To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.

New Colorado AI Act Targeting 'Algorithmic Discrimination' Provides AI Compliance Lessons

By Michael Justus

Starting February 1, 2026, businesses must comply with requirements of the Colorado AI Act (the Act) (SB 205) if they use artificial intelligence (AI) tools to make "consequential" decisions about Colorado consumers' education, employment, financial or lending services, essential government services, health care, housing, insurance or legal services. The new law focuses on addressing "algorithmic discrimination" by high-risk AI systems but also requires that any AI system that interacts with consumers (even if not high-risk) must disclose to consumers that they are interacting with an AI system, unless that would be obvious to a reasonable person. Read more about duties imposed by the new law and its various exemptions.

Supervising FINfluencers' Social Media Spin: Don't Believe Everything You View on Your Phone

By Christopher Cole, Michael Justus, Susan Light and Nicholas Gervasi

In the all-encompassing age of social media, a new breed of influencers has emerged — FINfluencers, or financial influencers. These individuals leverage their significant number of followers on social media platforms such as Instagram, TikTok, YouTube and X (formerly Twitter) to make those followers aware of a broker-dealer and its services. While FINfluencers can make general financial literacy more accessible and reach an audience not traditionally targeted, broker-dealers need to consider the implications of these promotional communications. Read more about how social media streams can trigger certain regulatory obligations for firms and expose gaps in supervisory procedures.

New Rules for Investment Advisers and Brokers Relating to Cybersecurity Breaches

By David Dickstein and Richard Marshall

On May 16, the Securities and Exchange Commission unanimously approved amendments to Regulation S-P, which imposes new rules relating to cybersecurity breaches involving investment advisers and brokers. Larger entities must comply with the new rules by January 3, 2026, and smaller entities must comply with the new rule by June 3, 2026. Read more about Regulation S-P's three main components regarding an information safeguards rule, privacy rules and an information disposal rule.

NYDFS Releases Circular Letter on the Use of AI and Data in Insurance Underwriting and Pricing

By Trisha Sircar

On July 11, the New York Department of Financial Services (NYDFS) issued Circular No. 7 Re: Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing (Circular Letter). The Circular Letter emerged from the initial draft circular letter issued by NYDFS on January 17, 2024, and sets forth the department's guidelines for insurers authorized to write insurance in New York that use artificial intelligence systems, external consumer data and information sources for underwriting, as well as pricing insurance policies and annuity contracts. Read more about the Circular Letter's scope, applicability and fairness principles.

EU AI Act Published in the Official Journal of the European Union

By Trisha Sircar

On July 12, the EU Artificial Intelligence Act, Regulation (EU) 2024/1689 (EU AI Act), was published in the Official Journal of the European Union. It is the first comprehensive legal framework for the regulation of AI systems across the European Union and will closely follow the prior versions of the text. The EU AI Act will enter into force across all EU Member States on August 1, 2024, and the enforcement of the majority of its provisions will apply from August 2, 2026. Read more about the EU AI Act's transition period and key dates.

The California Regulator Publishes New CCPA Regulations for Public Comment

By Trisha Sircar

On July 15, the California Privacy Protection Agency (CPPA) released official materials ahead of its July 16 Board meeting. The materials include draft regulations for automated decision-making technology, risk assessments and cybersecurity audits that will be discussed for potential rulemaking. The CPPA Board had previously voted to advance the draft regulations for official rulemaking on March 8, 2024. Read more about the draft regulations and adoption of the formal rulemaking process.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Katten Muchin Rosenman LLP | Attorney Advertising

Written by:

Katten Muchin Rosenman LLP
Katten Muchin Rosenman LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Katten Muchin Rosenman LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide