• Data Matters

    Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy

Categories

Archives

Apr 182023

U.S. Securities and Exchange Commission Proposes Three Rules Related to Cybersecurity, Reopens Comment for One Rule

, ,
Alan Charles Raul, Andrew P. Blake, Colleen Theresa Brown, Charles A. Sommers, Michele L. Aronson, Sasha Hondagneu-Messner, Casey Grant and Philip Robbins

On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) proposed three rules related to cybersecurity and the protection of consumer information and reopened the comment period for a proposed cybersecurity rule for investment advisers and funds. This significant action would impose new cybersecurity requirements for several SEC-registered entities, including with respect to these entities’ policies, incident response and notification procedures, and cybersecurity risk management. This Sidley commentary and analysis discusses the key features of each proposal, including new requirements and differences among each of the proposals.

(more…)

Read more
Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Andrew P. Blake

Washington, D.C.

ablake@sidley.com

Colleen Theresa Brown

Washington, D.C.

cbrown@sidley.com

Charles A. Sommers

Washington, D.C.

csommers@sidley.com

Michele L. Aronson

Washington, D.C.

maronson@sidley.com

Sasha Hondagneu-Messner

New York

shondagneumessner@sidley.com

Casey Grant

Philip Robbins

Apr 102023

New U.S. FDA Draft Guidance Outlines Path To Faster Modification of AI/ML-Enabled Devices

, , , ,
Deeona R. Gaskin, Rebecca K. Wood, Atiq Chowdhury and Eliza Lawless

The U.S. Food and Drug Administration (FDA or Agency) has issued new draft guidance on “Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions”1 that discusses a “science-based approach to ensuring that AI/ML-enabled devices can be safely, effectively, and rapidly modified, updated, and improved in response to new data.”2 This approach should offer more certainty to industry as FDA’s stated goal is to allow AI/ML-enabled devices to be modified faster in accordance with FDA requirements while being “built to adapt to the data and needs of individual health care facilities” and “adapt to deliver treatments according to individual users’ particular characteristics and needs.”3 Those wishing to comment on the draft guidance should note that the comment period closes on July 3, 2023.

(more…)

Read more
Deeona R. Gaskin

Washington D.C.

dgaskin@sidley.com

Rebecca K. Wood

Washington, D.C.

rwood@sidley.com

Atiq Chowdhury

Eliza Lawless

Apr 72023

UK’s OfCom to Publish Guidance on Illegal Content Risk Assessments in Light of Online Safety Bill

, , , ,
William RM Long, Denise Kara and Fjolla Lushta

The UK’s Online Safety Bill (“Bill”), once legislated, will impose duties of care on providers of digital services, social media platforms and other online services to make them responsible for content generated and shared by their users and to mitigate the risk of harm arising from illegal content, and if services are deemed accessible by children, a duty to protect children from harm. As currently drafted, the Bill applies to any service or site that has users in the UK, or targets the UK as a market, even if it is not based in the country. The Bill is currently at the Committee Stage of the legislative process. Although the Bill is expected to receive Royal Assent during 2023, the timeline as to when the provisions will come into force is still unclear.

(more…)

Read more
William RM Long

London

wlong@sidley.com

Denise Kara

Fjolla Lushta

London

flushta@sidley.com

Apr 52023

Chambers 2023 Global Practice Guides for Data Protection & Privacy and Cybersecurity Available

Alan Charles Raul, William RM Long, Eleanor Dodding, João D. Quartilho and Subhalakshmi Kumar

The updated 2023 Chambers Global Practice Guides for Data Protection & Privacy and Cybersecurity, edited by Alan Charles Raul, are available now, covering important developments across the globe and offering insightful legal commentary for businesses.

(more…)

Read more
Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

William RM Long

London

wlong@sidley.com

Eleanor Dodding

London

edodding@sidley.com

João D. Quartilho

Subhalakshmi Kumar

Apr 42023

Equal Employment Opportunity Commission Looks at AI

,
Wendy M. Lazerson, Sheri Porath Rockwell and Sasha Hondagneu-Messner

2023 is rapidly becoming the year of AI policy and regulation.  A particular focus of regulatory concern relates to AI impacts on employees, and the U.S. Equal Employment Opportunity Commission (EEOC) is not sitting on the sidelines.  On January 31, 2023, the EEOC held a public hearing to examine the use of automated systems, including artificial intelligence (AI), in employment decisions.  This hearing, titled “Navigating Employment Discrimination in AI and Automated Systems: A New Civil Rights Frontier,” continues the work of the Artificial Intelligence and Algorithmic Fairness Initiative, which was launched in 2021 by the EEOC.  Through this initiative, the EEOC has already published a guidance titled “The Americans with Disabilities Act and the Use of Software, Algorithms, and Artificial Intelligence to Assess Job Applicants and Employees.” Below are a few high-level takeaways from the hearing:

(more…)

Read more
Wendy M. Lazerson

Palo Alto, San Francisco

wlazerson@sidley.com

Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

Sasha Hondagneu-Messner

New York

shondagneumessner@sidley.com

Mar 302023

UK GDPR Reform Is Back! Department of Science, Innovation and Technology Introduces New Data Protection and Digital Information Bill

, , , ,
William RM Long, Francesca Blythe, Subhalakshmi Kumar and Fjolla Lushta

On 8 March 2023, the newly created Department of Science, Innovation and Technology (“DSIT”) introduced the Data Protection and Digital Information (No. 2) Bill. The “Bill” is in substance a re-introduction of the previous Data Protection and Digital Information Bill which was withdrawn from Parliament on the same day as the new Bill was published. The Bill, which has been hailed by the UK Government as one that will “save billions” and “cut down pointless paperwork” is the UK’s latest attempt to create a more streamlined piece of data protection legislation for the UK whilst still “ensur[ing] data adequacy.” The Information Commissioner’s Office (“ICO”) also welcomed the re-introduction of the Bill, with the Commissioner stating that he would “support [the Bill’s] ambition.” While much of the Bill remains the same as its previous iteration, we set out the key provisions and notable amendments below.

(more…)

Read more
William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com

Subhalakshmi Kumar

Fjolla Lushta

London

flushta@sidley.com

Mar 292023

Biden Administration Announces National Cybersecurity Strategy

, ,
Alan Charles Raul, Lauren Kitces and Vishnu Tirumala

On March 1, 2023, the Biden administration announced its long-awaited National Cybersecurity Strategy. The strategy is part of the administration’s efforts to bolster and modernize public and private responses to cybersecurity threats.

(more…)

Read more
Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Lauren Kitces

Washington, D.C.

lkitces@sidley.com

Vishnu Tirumala

Washington, D.C.

vtirumala@sidley.com

Mar 242023

UK’s New Pro-innovation Approach to Regulating Digital Technologies

, , ,
Patrick J. Harrison, Monika Zdzieborska, Fiona Shajko, Uvini Edirisinghe and Alex Harper

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “Report”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.” In response, the UK Government has accepted all of the Report’s recommendations, and set out some next steps for their implementation.

(more…)

Read more
Patrick J. Harrison

London

pharrison@sidley.com

Monika Zdzieborska

London

mzdzieborska@sidley.com

Fiona Shajko

London

fshajko@sidley.com

Uvini Edirisinghe

London

uedirisinghe@sidley.com

Alex Harper

London

alex.harper@sidley.com

Upcoming Events

May 142025

IAPP AI Governance Global Europe 2025

As AI becomes a growing part of our professional and personal environment, the need for education is becoming more urgent. AI literacy is not just for tech experts; it is for all of us. It allows us to make informed decisions and fosters critical thinking as the role of AI in our daily lives expands and continues to shape our world. This panel will discuss the AI literacy requirements under the EU AI Act and its practical implementation from a private practice, industry, and regulatory perspective. (more…)
May 14 @ 12:00 pm - 1:00 pm
View Calendar

Resources

 

Meet the Team

<a target=‘_blank’ href="https://www.sidley.com/en/people/a/akowuah-kwaku-a">Kwaku A. Akowuah</a>

Kwaku A. Akowuah

Washington, D.C.

kakowuah@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/a/armbrust-sheila-a-g">Sheila A.G. Armbrust</a>

Sheila A.G. Armbrust

San Francisco

sarmbrust@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/b/blythe-francesca">Francesca Blythe</a>

Francesca Blythe

London

fblythe@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/b/brown-colleen-theresa">Colleen Theresa Brown</a>

Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/c/cunningham-thomas-d">Thomas D. Cunningham</a>

Thomas D. Cunningham

Chicago

tcunningham@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/f/flanagan-sharon-r">Sharon R. Flanagan</a>

Sharon R. Flanagan

San Francisco, Palo Alto

sflanagan@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/g/gordon-david-a">David A. Gordon</a>

David A. Gordon

Chicago

dgordon@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/i/ishiara-tomoki">Tomoki Ishiara</a>

Tomoki Ishiara

Tokyo

tishiara@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/l/lally-amy-p">Amy P. Lally</a>

Amy P. Lally

Century City

alally@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/l/lashway-david-c">David C. Lashway</a>

David C. Lashway

Washington, D.C.

dlashway@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/l/long-william-rm">William RM Long</a>

William RM Long

London

wlong@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/l/loughnane-joan-m">Joan M. Loughnane</a>

Joan M. Loughnane

New York

jloughnane@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/m/malhotra-geeta">Geeta Malhotra</a>

Geeta Malhotra

Chicago

gmalhotra@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/r/ransom-rollin-a">Rollin A. Ransom</a>

Rollin A. Ransom

Los Angeles

rransom@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/r/raul-alan-charles">Alan Charles Raul</a>

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/s/seale-jennifer-b">Jennifer B. Seale</a>

Jennifer B. Seale

Washington, D.C.

jseale@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/t/tham-yuet-ming">Yuet Ming Tham</a>

Yuet Ming Tham

Singapore, Hong Kong

ytham@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/w/wilan-jonathan-m">Jonathan M. Wilan</a>

Jonathan M. Wilan

Washington, D.C.

jwilan@sidley.com

<a target=‘_blank’ href="https://www.sidley.com/en/people/w/woods-jr-john-w">John W. Woods Jr.</a>

John W. Woods Jr.

Washington, D.C.

jwoods@sidley.com

Click here to view all of Sidley’s Privacy and Cybersecurity professionals.

SUBSCRIBE

To receive email alerts when we post a blog entry, please provide your name and email address.