The National Association of Insurance Commissioners (NAIC) held its Summer 2025 National Meeting (Summer Meeting) August 10–13, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include adoption of guidance on asset adequacy testing for reinsurance transactions, renewed focus on the risks of offshore reinsurance transactions, evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI). (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_4.jpg606833Andrew R. Hollandhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAndrew R. Holland2025-09-09 09:04:342025-09-08 17:28:05Regulatory Update: National Association of Insurance Commissioners Summer 2025 National Meeting
Texas has amended its telephone solicitation and telemarketing law (the Texas “mini-TCPA” — after the federal Telephone Consumer Protection Act) to require certain businesses that engage in text marketing to register with the Texas Secretary of State and make detailed disclosures, pay registration fees, and post a $10,000 security deposit. The amendments, which were enacted by Senate Bill 140 and went into effect on September 1, 2025, also make certain violations of the Texas mini-TCPA de facto violations of the state’s deceptive trade practices law, which includes a private right of action and can carry significant penalties. While the law includes several provisions that will likely exempt established businesses that obtain one-to-one opt-in consent for text marketing messages and other types of calls, in light of the substantial fines and private right of action, businesses will want to carefully review the application of these new amendments to their marketing programs.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Garrett Lancehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngGarrett Lance2025-09-04 10:09:372025-09-04 10:09:37Texting in Texas: The State Expands Telemarketing Registration Requirements to Include Text Marketers
On August 26, 2025, the Third Circuit issued an opinion in NRA Group, LLC v. Durenleau, limiting the application of the CFAA in the workplace. In a case of first impression for the Third Circuit, the Court specifically held that employees with legitimate access to company systems did not violate the CFAA by violating their employer’s computer-use policies absent any “evidence of code-based hacking.” Applying the Supreme Court’s Van Buren v. United States “gates-up-or-down” framework, the Third Circuit interpreted “without authorization” and “exceeds authorized access” under the CFAA narrowly – focusing on actual access prohibitions and restrictions. The ruling thus shields workplace computer-use policy violations by current employees, such as password sharing or improper data use, from CFAA liability (both civil and criminal) and steers employers toward other legal remedies.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_11.jpg606833David Lashwayhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid Lashway2025-08-29 15:37:002025-09-04 10:10:13Van Buren in Action: Third Circuit Rejects Application of the Computer Fraud and Abuse Act (CFAA) to Violations of Workplace Policies
Earlier this month, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new Frequently Asked Question (FAQ) related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which establishes national standards to safeguard “protected health information” or “PHI.”
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Elizabeth Hardcastlehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngElizabeth Hardcastle2025-08-29 12:18:232025-08-29 12:18:23New Digital Health Ecosystem and HIPAA Flexibilities Facilitate Sharing of Patient Health Information
Sidley lawyers David Lashway, John Woods, Jennifer Seale, and Francesca Blythe have authored the chapter “Complying with regulatory requirements and SEC guidance” within The Guide to Cyber and Data Privacy Investigations – Fourth Edition. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_16.jpg606833David Lashwayhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid Lashway2025-08-21 09:00:452025-08-20 16:38:46The Guide to Cyber and Data Privacy Investigations – Fourth Edition
The new UK Data (Use and Access) Act 2025 came into force on June 19. Applying in phases through June 2026, the Act will reform, in part, how the UK regulates personal and non-personal data.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2025-08-05 15:26:352025-08-05 16:00:25The UK Data (Use and Access) Act 2025: Implications For Financial Services
The European Commission (Commission) has launched a public consultation on a proposed new law — the Digital Fairness Act (DFA) — aimed at strengthening consumer protection in digital markets. The goal is to fill perceived regulatory “gaps” left by recent EU digital regulations, including the Digital Services Act (DSA) and Digital Markets Act (DMA).
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_12.jpg606833Ken Dalyhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngKen Daly2025-08-01 12:05:132025-08-01 12:06:54EU Consults on Digital Fairness Act: Big Changes Ahead for Consumer-Facing Platforms
During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to have an impact on businesses in the remainder of the year and into 2026. These efforts reflect key themes such as increased regulation of teen data and social media platforms, enhanced restrictions on the collection and sale of geolocation and biometric data, simplified opt-out mechanisms for tracking technologies, and broader obligations concerning consumer health data and data minimization. In parallel, significant regulatory activity surrounding AI has emerged, including a new federal AI Action Plan and proposed amendments to the CCPA addressing automated decision-making technologies, alongside a wave of new state AI laws.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Colleen Theresa Brownhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngColleen Theresa Brown2025-07-31 16:45:042025-07-31 16:45:04A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws
Regulatory Update: National Association of Insurance Commissioners Summer 2025 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Summer 2025 National Meeting (Summer Meeting) August 10–13, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include adoption of guidance on asset adequacy testing for reinsurance transactions, renewed focus on the risks of offshore reinsurance transactions, evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI).
(more…)
Andrew R. Holland
New York
aholland@sidley.com
Sara N. Africano
Chicago
safricano@sidley.com
Stephanie H. Dobecki
Chicago
sdobecki@sidley.com
Ellen M. Dunn
New York
edunn@sidley.com
Michael L. Rosenfield
Los Angeles
mrosenfield@sidley.com
Chris H. Burusco
Los Angeles
cburusco@sidley.com
Jacob A. Grossman
Chicago
jgrossman@sidley.com
Texting in Texas: The State Expands Telemarketing Registration Requirements to Include Text Marketers
Texas has amended its telephone solicitation and telemarketing law (the Texas “mini-TCPA” — after the federal Telephone Consumer Protection Act) to require certain businesses that engage in text marketing to register with the Texas Secretary of State and make detailed disclosures, pay registration fees, and post a $10,000 security deposit. The amendments, which were enacted by Senate Bill 140 and went into effect on September 1, 2025, also make certain violations of the Texas mini-TCPA de facto violations of the state’s deceptive trade practices law, which includes a private right of action and can carry significant penalties. While the law includes several provisions that will likely exempt established businesses that obtain one-to-one opt-in consent for text marketing messages and other types of calls, in light of the substantial fines and private right of action, businesses will want to carefully review the application of these new amendments to their marketing programs.
(more…)
Garrett Lance
Washington, D.C.
glance@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Van Buren in Action: Third Circuit Rejects Application of the Computer Fraud and Abuse Act (CFAA) to Violations of Workplace Policies
On August 26, 2025, the Third Circuit issued an opinion in NRA Group, LLC v. Durenleau, limiting the application of the CFAA in the workplace. In a case of first impression for the Third Circuit, the Court specifically held that employees with legitimate access to company systems did not violate the CFAA by violating their employer’s computer-use policies absent any “evidence of code-based hacking.” Applying the Supreme Court’s Van Buren v. United States “gates-up-or-down” framework, the Third Circuit interpreted “without authorization” and “exceeds authorized access” under the CFAA narrowly – focusing on actual access prohibitions and restrictions. The ruling thus shields workplace computer-use policy violations by current employees, such as password sharing or improper data use, from CFAA liability (both civil and criminal) and steers employers toward other legal remedies.
(more…)
David Lashway
Washington D.C.
dlashway@sidley.com
John Woods
Washington, D.C.
jwoods@sidley.com
Philip Robbins
Brad A. Carney
Washington, D.C.
brad.carney@sidley.com
New Digital Health Ecosystem and HIPAA Flexibilities Facilitate Sharing of Patient Health Information
Earlier this month, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new Frequently Asked Question (FAQ) related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which establishes national standards to safeguard “protected health information” or “PHI.”
(more…)
Elizabeth Hardcastle
Washington, D.C.
ehardcastle@sidley.com
Rina Mady
Chicago
rmady@sidley.com
Meenakshi Datta
Chicago
mdatta@sidley.com
Ellie L. DeGarmo
Washington, D.C.
ellie.degarmo@sidley.com
The Guide to Cyber and Data Privacy Investigations – Fourth Edition
Sidley lawyers David Lashway, John Woods, Jennifer Seale, and Francesca Blythe have authored the chapter “Complying with regulatory requirements and SEC guidance” within The Guide to Cyber and Data Privacy Investigations – Fourth Edition. (more…)
David Lashway
Washington D.C.
dlashway@sidley.com
John Woods
Washington, D.C.
jwoods@sidley.com
Jennifer Seale
Washington, D.C.
jseale@sidley.com
Francesca Blythe
London
fblythe@sidley.com
The UK Data (Use and Access) Act 2025: Implications For Financial Services
The new UK Data (Use and Access) Act 2025 came into force on June 19. Applying in phases through June 2026, the Act will reform, in part, how the UK regulates personal and non-personal data.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Paida Manhambara
London
pmanhambara@sidley.com
EU Consults on Digital Fairness Act: Big Changes Ahead for Consumer-Facing Platforms
The European Commission (Commission) has launched a public consultation on a proposed new law — the Digital Fairness Act (DFA) — aimed at strengthening consumer protection in digital markets. The goal is to fill perceived regulatory “gaps” left by recent EU digital regulations, including the Digital Services Act (DSA) and Digital Markets Act (DMA).
(more…)
Ken Daly
Brussels
kdaly@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Monika Zdzieborska
London
mzdzieborska@sidley.com
Bethany Wise
London
bwise@sidley.com
A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws
During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to have an impact on businesses in the remainder of the year and into 2026. These efforts reflect key themes such as increased regulation of teen data and social media platforms, enhanced restrictions on the collection and sale of geolocation and biometric data, simplified opt-out mechanisms for tracking technologies, and broader obligations concerning consumer health data and data minimization. In parallel, significant regulatory activity surrounding AI has emerged, including a new federal AI Action Plan and proposed amendments to the CCPA addressing automated decision-making technologies, alongside a wave of new state AI laws.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
Upcoming Events
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com