Data Matters In Cybersecurity

Largely dormant for the last 25 years, Illinois’ Genetic Information Privacy Act (GIPA) has been sharing the limelight recently with its sibling, the Biometric Information Privacy Act. (BIPA). GIPA includes a number of restrictions related to the use and disclosure of genetic testing and genetic information, and it provides a private right of action and permits recovery of steep statutory damages. In 2023 alone, over 50 GIPA complaints were filed, and new suits continue to be filed in 2024. In this article, published on AML Law.com, Sidley lawyers Kathleen Carlson, Lawrence Fogel, and Colleen Brown explore some of GIPA’s emerging issues and unanswered questions. The post A New Wave of Class Actions: The Genetic Information Privacy Act appeared first on Data Matters Privacy Blog.

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover. The post Top 10 Questions on the EU AI Act appeared first on Data Matters Privacy Blog.

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties. The post EU Formally Adopts Cyber Law for Connected Products appeared first on Data Matters Privacy Blog.

The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding. The post Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity appeared first on Data Matters Privacy Blog.

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, and continued development of accounting principles and investment limitations related to certain types of bonds and structured securities. The post Regulatory Update: National Association of Insurance Commissioners Spring 2024 National Meeting appeared first on Data Matters Privacy Blog.

On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the U.S. banking agencies and the National Credit Union Administration, issued a request for information (RFI) regarding the customer identification program (CIP) requirement for depository institutions (referred to herein as banks) to collect tax identification numbers (TINs).1 Comments are due by May 28, 2024. The post FinCEN Seeks Input on Banks’ Collecting Partial Social Security Numbers for Customer Identification Programs appeared first on Data Matters Privacy Blog.

On March 28, 2024, in US v. EZ Lynk, the U.S. District Court for the Southern District of New York dismissed the Department of Justice’s (DOJ) claim that an automotive device manufacturer violated Section 203 of the Clean Air Act (CAA), holding that Section 230 of the Communications Decency Act (CDA) provided complete immunity from CAA liability for the sale of certain aftermarket automotive devices. This decision of first impression offers an important precedent in the automotive industry and beyond. The decision gives effect to the CDA as drafted and will make it significantly harder for the government to hold manufacturers and online retailers liable for content, including software, created and sold by third parties. The post District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations appeared first on Data Matters Privacy Blog.

On Feb. 26, the White House’s Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” aligns with the Biden administration’s current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability. In this article, published by Law360 on March 26, Sidley lawyers Alan Charles Raul, Stephen McInerney and Vishnu Tirumala discuss the ONCD report and provide key take-aways for software developers and manufacturers, their senior management, and boards. The post Cybersecurity Takeaways From White House Tech Report appeared first on Data Matters Privacy Blog.

As the state boasting the headquarters of the International Association of Privacy Professionals, many have been watching the development of the New Hampshire comprehensive consumer data privacy law with great interest, wondering if it may be a practical model for the nation. On March 6, 2024, Governor Chris Sununu signed SB 255-FN (“the Act”) into law. In some respects, New Hampshire’s privacy law is comparatively more moderate than some other state laws. For instance, the New Hampshire Secretary of State’s rulemaking authority under the Act is currently limited to establishing requirements for privacy notices. This narrow extension of rulemaking authority is a divergence from the broad rulemaking authority granted by California, Colorado, and other states. The New Hampshire law does not allow for a private right of action. There is a right to cure alleged violations through the first year the law is in force; afterwards, the opportunity to cure is left to the Attorney General’s discretion. The legislation will take effect on January 1, 2025. The post New Hampshire’s Comprehensive Data Privacy Legislation appeared first on Data Matters Privacy Blog.

On March 13, 2024, the European Parliament formally adopted the EU Artificial Intelligence Act (“AI Act”) with a large majority of 523-46 votes in favor of the legislation. The AI Act is the world’s first horizontal and standalone law governing AI, and a landmark piece of legislation for the EU. The post EU Formally Adopts World’s First AI Law appeared first on Data Matters Privacy Blog.