Upcoming Webinar: Consumer-Permissioned Data Sharing: Risks, Gaps and Solutions

Data aggregators and fintech providers are now offering services that let consumers manage their finances using information from multiple accounts at multiple financial institutions. This kind of consumer data access raises serious questions about the relationship between financial institutions and consumer-designated third parties. This webinar will cover the risks that come with consumer-permissioned information sharing, current gaps and solutions in the existing legal framework to address these risks and issues that can be addressed contractually between various stakeholders.

Read More

EmailShare

Maine’s Act to Protect the Privacy of Online Consumer Information

Since the passage of the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.) (“CCPA”), several states are following in California’s footsteps and adopting privacy bills that would allow consumers to object to the sale of their personal information.

Read More

EmailShare

The CCPA Ripple Effect: Nevada Passes Privacy Legislation

With about half a year to go until the California Consumer Privacy Act (CCPA)’s effective date, and with significant amendments still percolating to define the scope and impact of the CCPA come 2020, other states continue to consider whether to adopt new and broader privacy laws of their own, with Nevada recently taking the distinction of being the first to follow the CCPA trend.  While the scope and obligations of the Nevada law is significantly narrower than the CCPA and thus largely will align with current CCPA implementation projects, the new Nevada law does expand upon the CCPA in one particularly notable way—it moves the deadline to facilitate opt-outs of sales of personal information up to October 2019.

Read More

EmailShare

Recent Risk Alerts by SEC OCIE Highlight Privacy and Cybersecurity Issues in Examinations

The SEC’s Office of Compliance Inspections and Examinations (OCIE) released two Risk Alerts, on April 16, 2019 and May 23, 2019, highlighting the importance of privacy and cybersecurity compliance for SEC-registered investment advisors and broker-dealers under Regulation S-P. As previously covered on Data Matters, OCIE has consistently identified cybersecurity as one of its main areas of focus for examinations.

Indeed, cybersecurity was once again identified by OCIE in its 2019 National Exam Program Examination Priorities (2019 Exam Priorities), which placed a particular emphasis on proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.  With the issuance of the April 16 and May 23 Risk Alerts, OCIE has provided additional detail regarding specific issues that SEC-registered entities should focus on to mitigate privacy and cybersecurity risk, as well as to prepare for examinations.

Read More

EmailShare

GDPR: One Year On

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. For most in privacy, involvement with the GDPR has been ongoing for well over this year, but on the first anniversary of the GDPR we take an opportunity to look back and reflect on where we are now in relation to some key areas of interest including enforcement action, privacy litigation, breach notification and developing guidance from the European Data Protection Board (“EDPB”).

Read More

EmailShare

NYC Automated Decision-Making Task Force Forum Provides Insight Into Broader Efforts to Regulate Artificial Intelligence

More and more entities are deploying machine learning and artificial intelligence to automate tasks previously performed by humans.  Such efforts carry with them real benefits, such as the enhancement of operational efficiency and the reduction of costs, but they also raise a number of concerns regarding their potential impacts on human society, particularly as computer algorithms are increasingly used to determine important outcomes like individuals’ treatment within the criminal justice system.

This mixture of benefits and concerns is starting to attract the interest of regulators.  Efforts in the European Union, Canada, and the United States have initiated an ongoing discussion around how to regulate “automated decision-making” and what principles should guide it.  And while not all of these regulatory efforts will directly implicate private companies, they may nonetheless provide insight for companies seeking to build consumer trust in their artificial intelligence systems or better prepare themselves for the overall direction that regulation is taking.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator