U.S. Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

On November 18, 2021, a group of federal bank regulators announced a final rule requiring banks to notify their primary federal regulator of any “significant computer-security incidents.” Regulators must be notified no later than 36 hours after the bank has determined that the incident triggers the rule’s notification requirement. Further, bank service providers are now required to promptly notify all affected banks whenever a cybersecurity disruption lasts for four or more hours. (more…)

SEC Identifies Deficiencies From its Electronic Investment Advice Initiative

On November 9, 2021, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS) released a risk alert (Risk Alert) concerning deficiencies it observed in its examinations of advisers providing electronic advisory services, including advisers known as “robo-advisers.”1 Those deficiencies were in the areas of the robo-advisers’ compliance programs, portfolio management practices (including advisers’ fiduciary obligations), and marketing/performance advertising. (more…)

Fireside Chat: Earning Public Trust Amid Heightened Tech Regulation

On October 19, 2021, Sidley partner Alan Raul engaged in a fireside chat with Julie Brill, Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel of Microsoft at the Reuters Events’ Legal Leaders 2021 Conference. (more…)

FTC Issues Civil Penalty Notice to 700 Companies Regarding Endorsements and Reviews

The U.S. Federal Trade Commission (FTC) on October 13 published a Notice of Penalty Offenses advising more than 700 companies that they could incur significant civil penalties if they use endorsements in ways that run counter to the FTC’s guidance. The FTC, in its own words, “blanket[ed] industry” with these notices to send a “clear message” that companies cannot use “fake reviews and other forms of deceptive endorsements” to “cheat consumers and undercut honest businesses.” (more…)

Changes to FTC Rulemaking Procedures Herald More Aggressive Action on Consumer Privacy

On July 22, 2021, the Federal Trade Commission finalized important changes to its procedures for rulemaking under Section 18 of the FTC Act. Section 18 authorizes the Commission to make regulations, termed “Trade Regulation Rules,” (or “Magnuson-Moss Rules” after their authorizing statute), which “define with specificity” conduct that violates the FTC Act’s ban on “unfair or deceptive” business practices. Section 18 rules are promulgated through a “hybrid rulemaking” process that includes, if an interested party requests it, an “informal hearing” with limited opportunities for oral presentation and cross-examination by representatives of stakeholder groups. (more…)

Rohit Chopra Confirmed as CFPB Director; Historically Active Enforcement and Regulatory Regime Begins

On September 30, the U.S. Senate confirmed Commissioner Rohit Chopra of the Federal Trade Commission as the new Director of the Consumer Financial Protection Bureau (CFPB). Director Chopra is expected to usher in a regime of dramatically increased enforcement and creative, expansive regulation. Many financial institutions will have questions and concerns about the CFPB, how it will affect their businesses and operations, and how to productively engage with this exceptionally powerful and opaque regulator. It is now more important than ever to closely follow the work of the CFPB as new leadership seeks to aggressively employ all of the agency’s tools in service of the American consumer. (more…)

SEC Fines Alternative Data Provider for Securities Fraud

On September 14, 2021, the U.S. Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities.  (more…)

Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon

This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This years’ event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and, Privacy and the Pandemic. Welcoming attendees and kicking off the event, Commissioner Rebecca Kelly Slaughter called for minimization of data abuses and for a move away from the notice and consent model of privacy in favor of data minimization. PrivacyCon topics are selected by the FTC and often seen as an indication of enforcement priorities. (more…)

Sidley Privacy and Cybersecurity Roundtable

Please join Sidley’s Privacy and Cybersecurity Group for a two-part discussion with UK government officials with a focus on data transfer and innovation.

UK Data Protection and Data Transfers – New Directions

In this Chatham House discussion, our panelists will cover:

  • Data Transfers to the U.S. and Developments on “Adequacy”
  • G7 and OECD Data Protection Initiatives
  • UK Regulation of Data and Promotion of Innovation

(more…)

UK Government Publishes UK Approach to International Transfers, Including Data Adequacy

On August 26, 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its mission statement setting out the UK approach to adequacy assessments and international data transfers, alongside a Manual Template and Manual Guidance for undertaking adequacy assessments and an infographic map illustrating ten priority countries forming part of that process. This release forms part of a broader package of measures announced by DCMS to “seize the opportunities of data to boost growth, trade and improve its public services” following the UK’s exit from the EU, which included an announcement that John Edwards (the current New Zealand Privacy Commissioner) is the Government’s preferred nominee to be the next UK Information Commissioner. (more…)