On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.
On December 10, 2024, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule with technical changes for the Medicare Advantage (MA) Program and the Medicare Prescription Drug Benefit Program for Calendar Year 2026 (Proposed Rule). Citing the growing use of Artificial Intelligence (AI) within the healthcare sector and reports that the use of AI may lead to “algorithmic discrimination” that exacerbates inequalities within healthcare, CMS proposes, for the first time, new guardrails that must be adopted by MA plans when using AI to manage patient care. CMS also proposes several reforms addressing utilization management (UM) techniques adopted by MA plans, including requirements for such plans to conduct and report detailed analyses on the use of prior authorizations. Notably, the Proposed Rule primarily modifies MA regulations, without direct application to the Medicare Part D prescription drug program.
Sidley thought leaders explored risks and opportunities of a second Trump administration in a “lightning round”, covering key practice areas. Change is coming and along with it, new and fast-paced risks and opportunities.
Check out the November edition of Spotlight on Women in Privacy! Esther Silberstein shares her views on why she loves being a privacy professional, the best professional advice she ever received, what she’s closely watching now, and how she unwinds.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngData Matters Contributors2024-12-17 12:02:562024-12-17 12:02:56Spotlight on Women in Privacy: Esther Silberstein
The EU AI Act is the world’s first horizontal and standalone law governing the commercialization and use of AI, and a landmark piece of legislation for the EU. Among the various provisions of the EU AI Act, the “AI literacy” principle is an often overlooked but key obligation which requires organizations to ensure that staff who are involved in the operation and use of AI have the necessary skills, knowledge and understanding to adequately assess AI-related risks and opportunities (e.g., through training and hiring staff with the appropriate background and skillset). This obligation – which applies from February 2, 2025 – is one of the few obligations under the EU AI Act that applies to all AI systems i.e., irrespective of the level of risk that the AI system presents. Indeed, by introducing AI literacy as one of the first provisions of the AI Act (Article 4), the EU legislators appear to underscore the significance of this requirement.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2024/12/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_13.jpg606833Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2024-12-16 10:40:352024-12-16 10:40:35EU AI Act: Are You Prepared for the “AI Literacy” Principle?
On October 28, 2024, the U.S. Department of the Treasury (Treasury) released the Final Rule for its new regulations prohibiting or requiring notification of U.S. outbound investments in certain Chinese-affiliated companies in the semiconductor and microelectronics, quantum information technology, and artificial intelligence (AI) sectors. The Final Rule will take effect on January 2, 2025.
Recent enforcement actions by both state and federal law enforcement signal that companies that make or use artificial intelligence products are facing increased scrutiny under existing unfair and deceptive acts and practices laws. Several late-2024 examples present important insights for companies navigating how to effectively and legally implement artificial intelligence technologies in their businesses.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-04-1.jpg607833Colleen Theresa Brownhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngColleen Theresa Brown2024-12-10 10:57:462024-12-10 11:00:57Rising AI Enforcement: Insights From State Attorney General Settlement and U.S. FTC Sweep for Risk Management and Governance
Enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and possession of biometric data by private entities operating in Illinois. Biometric data includes, for example, fingerprints, voiceprints, eye scans, and face/hand scans. Notably, BIPA establishes a private right of action, allowing any person to seek damages, attorneys’ fees, and injunctive relief if the person has been aggrieved by a BIPA violation. The statutory damages for BIPA violations are steep, including $1,000 to $5,000 per violation, attorneys’ fees and costs, and the possibility of injunctive relief.
Consumer Financial Protection Bureau Releases Proposed Rule on Fair Credit Reporting Act
On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Thomas G. Ward
Washington, D.C.
tgward@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Sean A. Smith
Washington, D.C.
sean.smith@sidley.com
Kerry Nilsen
Washington D.C.
knilsen@sidley.com
Jordyn R. Singer
Washington, D.C.
jordyn.singer@sidley.com
CMS Proposes Artificial Intelligence Limits and Utilization Management Guardrails for Medicare Advantage
On December 10, 2024, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule with technical changes for the Medicare Advantage (MA) Program and the Medicare Prescription Drug Benefit Program for Calendar Year 2026 (Proposed Rule). Citing the growing use of Artificial Intelligence (AI) within the healthcare sector and reports that the use of AI may lead to “algorithmic discrimination” that exacerbates inequalities within healthcare, CMS proposes, for the first time, new guardrails that must be adopted by MA plans when using AI to manage patient care. CMS also proposes several reforms addressing utilization management (UM) techniques adopted by MA plans, including requirements for such plans to conduct and report detailed analyses on the use of prior authorizations. Notably, the Proposed Rule primarily modifies MA regulations, without direct application to the Medicare Part D prescription drug program.
(more…)
Meenakshi Datta
Chicago
mdatta@sidley.com
Catherine Y. Starks
Chicago
cstarks@sidley.com
Mariya Denisko
Chicago
mariya.denisenko@sidley.com
Post-Election Landscape: New Risks, New Opportunities
Sidley thought leaders explored risks and opportunities of a second Trump administration in a “lightning round”, covering key practice areas. Change is coming and along with it, new and fast-paced risks and opportunities.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Spotlight on Women in Privacy: Esther Silberstein
Check out the November edition of Spotlight on Women in Privacy! Esther Silberstein shares her views on why she loves being a privacy professional, the best professional advice she ever received, what she’s closely watching now, and how she unwinds.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
EU AI Act: Are You Prepared for the “AI Literacy” Principle?
The EU AI Act is the world’s first horizontal and standalone law governing the commercialization and use of AI, and a landmark piece of legislation for the EU. Among the various provisions of the EU AI Act, the “AI literacy” principle is an often overlooked but key obligation which requires organizations to ensure that staff who are involved in the operation and use of AI have the necessary skills, knowledge and understanding to adequately assess AI-related risks and opportunities (e.g., through training and hiring staff with the appropriate background and skillset). This obligation – which applies from February 2, 2025 – is one of the few obligations under the EU AI Act that applies to all AI systems i.e., irrespective of the level of risk that the AI system presents. Indeed, by introducing AI literacy as one of the first provisions of the AI Act (Article 4), the EU legislators appear to underscore the significance of this requirement.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
U.S. Treasury Issues Final Rule Restricting Outbound Investments in Chinese-Affiliated Entities
On October 28, 2024, the U.S. Department of the Treasury (Treasury) released the Final Rule for its new regulations prohibiting or requiring notification of U.S. outbound investments in certain Chinese-affiliated companies in the semiconductor and microelectronics, quantum information technology, and artificial intelligence (AI) sectors. The Final Rule will take effect on January 2, 2025.
(more…)
James Mendenhall
Washington, D.C.
jmendenhall@sidley.com
Carys Golesworthy
Washington, D.C.
cgolesworthy@sidley.com
Lloyd Lyall
Washington, D.C.
lloyd.lyall@sidley.com
Rising AI Enforcement: Insights From State Attorney General Settlement and U.S. FTC Sweep for Risk Management and Governance
Recent enforcement actions by both state and federal law enforcement signal that companies that make or use artificial intelligence products are facing increased scrutiny under existing unfair and deceptive acts and practices laws. Several late-2024 examples present important insights for companies navigating how to effectively and legally implement artificial intelligence technologies in their businesses.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Christina C. Koenig
Dallas
christina.koenig@sidley.com
Benjamin M. Mundel
Washington, D.C.
bmundel@sidley.com
Lauren Freeman
San Francisco
lfreeman@sidley.com
Garrett Lance
Washington, D.C.
glance@sidley.com
Biometric Litigation Risks Endure Even Post BIPA Amendment
Enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and possession of biometric data by private entities operating in Illinois. Biometric data includes, for example, fingerprints, voiceprints, eye scans, and face/hand scans. Notably, BIPA establishes a private right of action, allowing any person to seek damages, attorneys’ fees, and injunctive relief if the person has been aggrieved by a BIPA violation. The statutory damages for BIPA violations are steep, including $1,000 to $5,000 per violation, attorneys’ fees and costs, and the possibility of injunctive relief.
(more…)
Kathleen Carlson
Chicago
kathleen.carlson@sidley.com
Lawrence P. Fogel
Chicago
lawrence.fogel@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Andrew F. Rodheim
Chicago
arodheim@sidley.com
Upcoming Events
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com