Data Matters In Cybersecurity

The environment has never been more favorable for existing banking organizations launching a digital asset business and those Fintech and other nonbank companies considering acquiring or chartering a full-service or limited-purpose bank in order to operate a digital asset business. At the end of 2025, U.S. banking regulators continued to take major steps signaling a considerably more open supervisory posture regarding digital asset activities. The post The State of Play in Banking and Digital Assets: Welcome Developments from the Banking Agencies appeared first on Data Matters Privacy Blog.

The National Association of Insurance Commissioners (NAIC) held its Fall 2025 National Meeting (Fall Meeting) December 8–11, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Fall Meeting. Highlights include evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, adoption of guidance regarding the risk transfer analysis for combination reinsurance contracts, discussion of a new committee structure for NAIC investment monitoring activities, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI). The post Regulatory Update: National Association of Insurance Commissioners Fall 2025 National Meeting appeared first on Data Matters Privacy Blog.

On December 11, 2025, President Trump issued a new Executive Order (EO) to protect American Artificial Intelligence (AI) innovation from “the most onerous and excessive laws emerging from the States that threaten to stymie innovation.” Consistent with the President’s July 2025 America’s AI Action Plan, the EO further indicates, “[i]t is the policy of the United States to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” The post Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence appeared first on Data Matters Privacy Blog.

The 12th edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides an incisive global overview of the legal and regulatory regimes governing data privacy and security. With a focus on recent developments, it covers key areas such as data processors’ obligations; data subject rights; data transfers and localisation; best practices for minimising cyber risk; public and private enforcement; and an outlook for future developments. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. The post The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available appeared first on Data Matters Privacy Blog.

On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report (2026 Report). The nearly 90-page report highlights emerging risks — including cybersecurity, data privacy, and generative AI (GenAI) — and offers tools and best practices for member firms. It also reemphasizes the perennial focus areas of Regulation Best Interest (Reg BI) compliance, third-party vendor management, best execution, consolidated audit trail (CAT), and compliance with the financial responsibility rules. Below are key takeaways, followed by a deeper dive into notable areas of focus, for some of the topics most relevant for broker-dealers. The post FINRA Issues 2026 Regulatory Oversight Report appeared first on Data Matters Privacy Blog.

The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council. The post EU Digital Omnibus: Implications for MedTech Companies appeared first on Data Matters Privacy Blog.

On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting. The post EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook appeared first on Data Matters Privacy Blog.

Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers. The post Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging appeared first on Data Matters Privacy Blog.

Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors. The post Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live appeared first on Data Matters Privacy Blog.

Industry is increasingly exploring the use of AI chatbots to potentially diagnose and treat various medical conditions, including in the area of mental health. FDA is just beginning to develop its regulatory framework for approved, cleared, or authorized devices in the mental health space based on generative AI technology. The medtech industry, healthcare providers, and the public are closely watching FDA developments and guidance regarding the use of generative AI across the medical device space. The post U.S. FDA and CMS Actions on Generative AI-Enabled Mental Health Devices Yield Insights Across AI Product Development appeared first on Data Matters Privacy Blog.