Category

Enforcement

11 September 2017

FinTech and Regulatory Sandboxes in the UK, Hong Kong and Singapore

As the FinTech industry continues to expand, regulators around the globe are starting to react. The past 18 months have seen the emergence of a new trend in financial services regulation, the “sandbox.”

Since the launch of the UK’s regulatory sandbox in May 2016, regulators across the globe have adopted similar frameworks. There are now regulatory sandboxes in Abu Dhabi, Australia, Canada, Hong Kong, Lithuania, Singapore, Switzerland and Thailand, to name a few, and the European Union recently set out proposals for a possible EU-wide regulatory sandbox. (more…)

SHARE
EmailPrintShare
06 September 2017

Regulatory Update: NAIC Summer 2017 National Meeting

The National Association of Insurance Commissioners held its Summer 2017 National Meeting in Philadelphia, Pennsylvania from August 6 to 9, 2017. This Sidley Update summarizes the highlights from this meeting. (more…)

SHARE
EmailPrintShare
31 August 2017

Delaware Expands Data Breach Notification Statute

Governor John Carney signed Delaware’s updated breach notification law on August 17, 2017.  The revised law, which will come into force on April 14, 2018, includes key changes to the definition of personal information, introduces credit monitoring obligations, and heightens notice requirements. The law will also create new general information security requirements. (more…)

SHARE
EmailPrintShare
23 August 2017

FTC Uber Settlement Mandates a Comprehensive Privacy Program, Sheds Light on “Reasonable Data Security” Expectations, and Underscores Importance of Insider Threat Prevention

On August 15, the FTC announced that it had reached an agreement with Uber to settle allegations that the company had made deceptive claims about its privacy and data security practices. The FTC’s settlement with Uber has important implications for privacy and data security measures that companies could take, and the representations they and their employees make in these areas. It also shed greater light on what the FTC means by “reasonable data security” measures that companies should implement, and underscores the importance of maintaining a robust insider threat prevention program. (more…)

SHARE
EmailPrintShare
17 August 2017

Influential Stakeholders Debate a Cross-Sector Approach in Using Big Data for Improving Human Health

Big Data has been a hot topic of discussion in recent years. This was especially the case in Brussels, where the fiercely debated EU General Data Protection Regulation (GDPR) was adopted in 2016. A major concern for all of us is personal privacy. Less discussed is the use of Big Data for social good.

A traditional sectoral approach to harnessing the potential of Big Data for social good is insufficient. This is the case in terms of organisations from different sectors partnering to develop new technologies. It also means that legislation and policies on Big Data must be forward thinking and facilitate cross-sectoral co-operation. (more…)

SHARE
EmailPrintShare
16 August 2017

SEC’s OCIE Cybersecurity Risk Alert Announces Cybersecurity 2 Observations

On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a cybersecurity Risk Alert summarizing its observations from its second cybersecurity survey of financial services firms.  Overall, OCIE observed increased cybersecurity preparedness since its first 2014 “Cybersecurity 1” Initiative, but also the SEC noted a number of areas where compliance and oversight merit attention.  Perhaps the most general observation from the “Cybersecurity 2” risk alert is that, while the OCIE noted that most firms now have written policies and procedures, the message was clear that simply having a generic policy is not adequate.  Firms must instead have policies that are adapted to their actual operations as well as procedures that demonstrate the implementation of these policies and documented results of compliance with those procedures.  (more…)

SHARE
EmailPrintShare
14 August 2017

State Privacy Laws: New Jersey Passes Consumer Privacy Act

State laws governing the collection and use of personal information continue to proliferate. The latest comes from New Jersey, which on July 21, 2017, signed into law legislation that restricts a merchant’s ability to collect personal data of shoppers and share such data with third parties.  New Jersey’s Personal Information Privacy and Protection Act permits retailers to scan an identification card only for certain purposes—such as verifying the consumer’s identity—and requires retailers to store such data securely.  Further, a retailer may not share the data with a third party unless the retailer discloses its data-sharing practices to the consumer. (more…)

SHARE
EmailPrintShare
10 August 2017

Greater Protection for Individuals and Larger Fines for Organisations Under a New UK Data Protection Bill

In a statement of intent published on 7 August 2017, the UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill (the “Bill”). The Bill will incorporate the new EU General Data Protection Regulation (the “GDPR”) into UK law.

According to the UK’s Minister of State for Digital, Matt Hancock, the Bill will “give [the UK] one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.” (more…)

SHARE
EmailPrintShare
04 August 2017

Singapore’s Privacy Watchdog Proposes Changes to Personal Data Protection Act

Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation into a proposed revision to the law that would require reporting of certain data breaches. Singapore currently uses a voluntary approach to data breach notifications, but, according to the PDPC, this has resulted in uneven notification practices. Under the proposals, it will be mandatory for organizations to inform customers of personal data breaches that pose any risk of impact or harm to the affected individual as soon as they are discovered. If an incident involves 500 or more individuals, organizations will need to notify the PDPC as soon as possible but no later than 72 hours after discovery of the breach. The proposals aim to allow individuals to take steps to protect their interests in the event of a data breach, for example, by changing their password. (more…)

SHARE
EmailPrintShare
03 August 2017

House Panel Advances Bill to Ease Safety Restrictions on Autonomous Vehicles

Federal legislation on the regulation of self-driving cars may be gaining traction.  The House Energy and Commerce Committee approved a bipartisan bill that would ease safety restrictions on self-driving cars and preempt state laws banning “highly automated systems” or self-driving vehicles to allow designers to test and deploy cars on the road.  The Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act (the “SELF DRIVE Act”) bill passed the House Committee with a 54-0 vote.  It would facilitate the release by automakers of 25,000 automated vehicles in the first year and up to 100,000 automated vehicles annually, starting in the third year after the bill’s effective date.  (more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator