The new year brings with it several state privacy law developments, including the effective dates for comprehensive privacy legislation in Delaware, Iowa, Nebraska and New Hampshire. The effective date of New Jersey’s new privacy law will follow mid-month, on January 15. Among this flurry of new state law obligations, however, privacy officers should not lose sight of continuing developments in states that help pioneer the wave of state privacy laws, such as in Colorado.
Several categories of UK financial services firms, including banks, insurers, electronic money institutions, and payment institutions, are required to comply with new requirements on operational resilience beginning 31 March 2025.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2025-01-07 10:39:472025-01-07 10:39:47UK Operational Resilience Rules: Are You Ready for 31 March 2025?
On December 19, 2024, the Chief Counsel of the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA or the Agency) signed a notice of proposed rulemaking (NPRM) in which the Agency proposed a sweeping voluntary program relating to the evaluation and oversight of motor vehicles equipped with automated driving systems (ADS). NHTSA defines ADS-equipped vehicles, which can also be called autonomous vehicles (AVs), as vehicles designed to fully perform the driving task without any expectation of an attentive human driver.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2024/12/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_8.jpg606833Justin A. Savagehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJustin A. Savage2024-12-31 10:08:032024-12-31 10:08:03NHTSA Proposes Sweeping Voluntary Program for Vehicles With Automated Driving Systems
As 2024 draws to a close, we look ahead to notable upcoming cyber developments in the new year. From the adoption of new cyber laws to the initiation of infringement proceedings by the European Commission against a number of EU Member States for alleged failures to adequately implement the EU Network and Information Systems Security 2 Directive, the EU continues to emphasize cybersecurity in a rapidly evolving legal and technological environment. There are no signs of this momentum slowing down in 2025.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2024-12-23 12:21:342024-12-23 12:21:34Looking Ahead to 2025 in EU Cybersecurity Developments
On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.
On December 10, 2024, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule with technical changes for the Medicare Advantage (MA) Program and the Medicare Prescription Drug Benefit Program for Calendar Year 2026 (Proposed Rule). Citing the growing use of Artificial Intelligence (AI) within the healthcare sector and reports that the use of AI may lead to “algorithmic discrimination” that exacerbates inequalities within healthcare, CMS proposes, for the first time, new guardrails that must be adopted by MA plans when using AI to manage patient care. CMS also proposes several reforms addressing utilization management (UM) techniques adopted by MA plans, including requirements for such plans to conduct and report detailed analyses on the use of prior authorizations. Notably, the Proposed Rule primarily modifies MA regulations, without direct application to the Medicare Part D prescription drug program.
Sidley thought leaders explored risks and opportunities of a second Trump administration in a “lightning round”, covering key practice areas. Change is coming and along with it, new and fast-paced risks and opportunities.
Check out the November edition of Spotlight on Women in Privacy! Esther Silberstein shares her views on why she loves being a privacy professional, the best professional advice she ever received, what she’s closely watching now, and how she unwinds.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngData Matters Contributors2024-12-17 12:02:562024-12-17 12:02:56Spotlight on Women in Privacy: Esther Silberstein
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Colorado Finalizes Privacy Act Rules: Key Updates for Businesses
The new year brings with it several state privacy law developments, including the effective dates for comprehensive privacy legislation in Delaware, Iowa, Nebraska and New Hampshire. The effective date of New Jersey’s new privacy law will follow mid-month, on January 15. Among this flurry of new state law obligations, however, privacy officers should not lose sight of continuing developments in states that help pioneer the wave of state privacy laws, such as in Colorado.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Ben Cross
Chicago
bcross@sidley.com
UK Operational Resilience Rules: Are You Ready for 31 March 2025?
Several categories of UK financial services firms, including banks, insurers, electronic money institutions, and payment institutions, are required to comply with new requirements on operational resilience beginning 31 March 2025.
(more…)
Francesca Blythe
London
fblythe@sidley.com
James Phythian-Adams
London
jphythianadams@sidley.com
Max Charles Savoie
London
msavoie@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Paida Manhambara
London
pmanhambara@sidley.com
Julie Rodriguez
London
julie.rodriguez@sidley.com
NHTSA Proposes Sweeping Voluntary Program for Vehicles With Automated Driving Systems
On December 19, 2024, the Chief Counsel of the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA or the Agency) signed a notice of proposed rulemaking (NPRM) in which the Agency proposed a sweeping voluntary program relating to the evaluation and oversight of motor vehicles equipped with automated driving systems (ADS). NHTSA defines ADS-equipped vehicles, which can also be called autonomous vehicles (AVs), as vehicles designed to fully perform the driving task without any expectation of an attentive human driver.
(more…)
Justin A. Savage
Washington, D.C.
jsavage@sidley.com
Rose Quam-Wickham
Washington, D.C.
rquamwickham@sidley.com
Lauren E. DeCarlo
Chicago
lauren.decarlo@sidley.com
Looking Ahead to 2025 in EU Cybersecurity Developments
As 2024 draws to a close, we look ahead to notable upcoming cyber developments in the new year. From the adoption of new cyber laws to the initiation of infringement proceedings by the European Commission against a number of EU Member States for alleged failures to adequately implement the EU Network and Information Systems Security 2 Directive, the EU continues to emphasize cybersecurity in a rapidly evolving legal and technological environment. There are no signs of this momentum slowing down in 2025.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
William RM Long
London
wlong@sidley.com
Consumer Financial Protection Bureau Releases Proposed Rule on Fair Credit Reporting Act
On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Thomas G. Ward
Washington, D.C.
tgward@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Sean A. Smith
Washington, D.C.
sean.smith@sidley.com
Kerry Nilsen
Washington D.C.
knilsen@sidley.com
Jordyn R. Singer
Washington, D.C.
jordyn.singer@sidley.com
CMS Proposes Artificial Intelligence Limits and Utilization Management Guardrails for Medicare Advantage
On December 10, 2024, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule with technical changes for the Medicare Advantage (MA) Program and the Medicare Prescription Drug Benefit Program for Calendar Year 2026 (Proposed Rule). Citing the growing use of Artificial Intelligence (AI) within the healthcare sector and reports that the use of AI may lead to “algorithmic discrimination” that exacerbates inequalities within healthcare, CMS proposes, for the first time, new guardrails that must be adopted by MA plans when using AI to manage patient care. CMS also proposes several reforms addressing utilization management (UM) techniques adopted by MA plans, including requirements for such plans to conduct and report detailed analyses on the use of prior authorizations. Notably, the Proposed Rule primarily modifies MA regulations, without direct application to the Medicare Part D prescription drug program.
(more…)
Meenakshi Datta
Chicago
mdatta@sidley.com
Catherine Y. Starks
Chicago
cstarks@sidley.com
Mariya Denisko
Chicago
mariya.denisenko@sidley.com
Post-Election Landscape: New Risks, New Opportunities
Sidley thought leaders explored risks and opportunities of a second Trump administration in a “lightning round”, covering key practice areas. Change is coming and along with it, new and fast-paced risks and opportunities.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Spotlight on Women in Privacy: Esther Silberstein
Check out the November edition of Spotlight on Women in Privacy! Esther Silberstein shares her views on why she loves being a privacy professional, the best professional advice she ever received, what she’s closely watching now, and how she unwinds.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Upcoming Events
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com