On January 17, 2024, the New York Department of Financial Services (NYDFS) entered into a consent order with Industrial and Commercial Bank of China Ltd. (ICBC or the Bank), resolving a matter in which ICBC’s New York branch disclosed confidential supervisory information (CSI) without authorization. The order includes a civil monetary penalty of $30 million. Two days later, the Board of Governors of the Federal Reserve System (Federal Reserve) entered into a consent cease-and-desist order with ICBC and its New York branch that includes a fine of approximately $2.4 million for the unauthorized disclosure of CSI. The Federal Reserve specifically noted that its action was taken in conjunction with the prior action of NYDFS.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Joel D. Feinberghttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJoel D. Feinberg2024-01-24 13:02:372024-01-24 13:02:37Federal and State Regulators Fine Foreign Bank for Unauthorized Disclosure of Confidential Supervisory Information
On 30 November 2023, the EU reached political agreement on the Cyber Resilience Act (“CRA”), the first legislation globally to regulate cybersecurity for digital and connected products that are designed, developed, produced and made available on the EU market. The CRA was originally proposed by the European Commission in September 2022. Alongside the recently adopted Data Act, Digital Operational Resilience Act (“DORA”), Critical Entities Resilience Act (“CER”), Network and Information Systems Security 2 Directive (“NISD2”) and Data Governance Act, the CRA builds on the EU Data and Cyber Strategies, and complements upcoming certification schemes, such as the EU Cloud Services Scheme (“EUCS”) and the EU ICT Products Scheme (“EUCC”). It responds to an increase in cyber-attacks in the EU over the last few years – in particular the rise in software supply chain attacks which have tripled over the last year –as well as the significant rise in digital and connected products in daily life which magnifies the risk of such attacks.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-13.jpg607834William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2024-01-22 12:07:302024-02-06 12:39:12EU Reaches Political Agreement on Cyber Resilience Act for Digital and Connected Products
The National Association of Insurance Commissioners (NAIC) held its Fall 2023 National Meeting (Fall Meeting) from November 30 through December 4, 2023. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Fall Meeting. Highlights include adoption of a new model bulletin addressing the use of artificial intelligence in the insurance industry, continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, and continued discussion of considerations related to private equity ownership of insurers.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Stephanie H. Dobeckihttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngStephanie H. Dobecki2024-01-09 12:03:012024-01-09 12:09:47Regulatory Update: National Association of Insurance Commissioners Fall 2023 National Meeting
Join our 7th annual Trend Watch webinar to learn how tactical decision-making can help you conquer California’s challenging legal environment. Our focus areas will include:
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Maureen F. Gorsenhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMaureen F. Gorsen2024-01-08 16:05:302024-01-10 14:16:53Trend Watch 2024: Hot Topics in California Regulation and Litigation
Australia’s Digital Platform Regulators Forum (DP-REG) has recently released two working papers relevant to developing AI policy on the global stage: Literature summary: Harms and risks of algorithms (Algorithms WP) and Examination of technology: Large language models used in generative artificial intelligence (LLM WP) (together, the Working Papers) to mark the launch of its website. The DP-REG, which comprises various prominent Australian regulators across multiple industries, was established to ensure a collaborative and cohesive approach to the regulation of digital platform technologies in Australia. The Working Papers focus on understanding the risks and harms, as well as evaluating the benefits, of algorithms and generative artificial intelligence, and provides recommendations on the Australian Federal Government’s response to AI. The Working Papers also serve as a useful resource for the Australian industry and the public as these technologies are increasingly integrated and engaged with in the Australian market. Interestingly, the recommendations set out in the Working Papers are broadly aligned with the requirements of the EU’s Artificial Intelligence Act, which reached political agreement on 8 December 2023, suggesting that Australia’s proposed approach to regulating AI may be inspired at least in part by Europe’s AI regulatory framework.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2024-01-03 12:01:082024-01-03 12:01:08Australia’s Digital Platform Regulators Release Working Papers on Risks and Harms Posed by Algorithms and Large Language Models
In Part Four of the OneTrust DataGuidance Insight articles on state data privacy laws, Sidley Austin lawyers Sheri Porath Rockwell and Ernesto Claeyssen discuss data subject rights and privacy policy requirements under the patchwork of 13 US states’ comprehensive data privacy laws that have been passed.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sheri Porath Rockwellhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSheri Porath Rockwell2023-12-14 11:09:002023-12-14 11:33:42USA: An Overview of State Data Privacy Laws Part Four – Data Subject Rights and Privacy Policy Requirements
On 8 December 2023 — following three days of lengthy and intensive negotiations — EU legislators reached political agreement on the world’s first stand-alone law regulating AI: the EU’s AI Act. The EU considers the AI Act as one of its key pieces of legislation and fundamental to ensuring the EU becomes the world’s leading digital economy.
For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls MemorialHospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for healthcare treatment, payment, or operations — regardless of its source.1 This decision also marks the Illinois Supreme Court’s first BIPA-related decision where it adopted the defendants’ proposed interpretation of the statute. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Kathleen Carlsonhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngKathleen Carlson2023-12-08 09:59:292024-02-29 15:13:19In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Federal and State Regulators Fine Foreign Bank for Unauthorized Disclosure of Confidential Supervisory Information
On January 17, 2024, the New York Department of Financial Services (NYDFS) entered into a consent order with Industrial and Commercial Bank of China Ltd. (ICBC or the Bank), resolving a matter in which ICBC’s New York branch disclosed confidential supervisory information (CSI) without authorization. The order includes a civil monetary penalty of $30 million. Two days later, the Board of Governors of the Federal Reserve System (Federal Reserve) entered into a consent cease-and-desist order with ICBC and its New York branch that includes a fine of approximately $2.4 million for the unauthorized disclosure of CSI. The Federal Reserve specifically noted that its action was taken in conjunction with the prior action of NYDFS.
(more…)
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
Michael D. Lewis
Washington, D.C.
michael.lewis@sidley.com
Joan M. Loughnane
New York
jloughnane@sidley.com
Michael D. Mann
New York
mmann@sidley.com
Timothy J. Treanor
New York
ttreanor@sidley.com
Laura Sorice
EU Reaches Political Agreement on Cyber Resilience Act for Digital and Connected Products
On 30 November 2023, the EU reached political agreement on the Cyber Resilience Act (“CRA”), the first legislation globally to regulate cybersecurity for digital and connected products that are designed, developed, produced and made available on the EU market. The CRA was originally proposed by the European Commission in September 2022. Alongside the recently adopted Data Act, Digital Operational Resilience Act (“DORA”), Critical Entities Resilience Act (“CER”), Network and Information Systems Security 2 Directive (“NISD2”) and Data Governance Act, the CRA builds on the EU Data and Cyber Strategies, and complements upcoming certification schemes, such as the EU Cloud Services Scheme (“EUCS”) and the EU ICT Products Scheme (“EUCC”). It responds to an increase in cyber-attacks in the EU over the last few years – in particular the rise in software supply chain attacks which have tripled over the last year –as well as the significant rise in digital and connected products in daily life which magnifies the risk of such attacks.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Mhairi Cameron
Trainee Solicitor
mcameron@sidley.com
Regulatory Update: National Association of Insurance Commissioners Fall 2023 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Fall 2023 National Meeting (Fall Meeting) from November 30 through December 4, 2023. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Fall Meeting. Highlights include adoption of a new model bulletin addressing the use of artificial intelligence in the insurance industry, continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, and continued discussion of considerations related to private equity ownership of insurers.
(more…)
Stephanie H. Dobecki
Chicago
sdobecki@sidley.com
Ellen M. Dunn
New York
edunn@sidley.com
Andrew R. Holland
New York
aholland@sidley.com
Michael L. Rosenfield
Los Angeles
mrosenfield@sidley.com
Chris H. Burusco
Los Angeles
cburusco@sidley.com
Sara N. Africano
Chicago
safricano@sidley.com
Jacob A. Grossman
Chicago
jgrossman@sidley.com
Trend Watch 2024: Hot Topics in California Regulation and Litigation
Join our 7th annual Trend Watch webinar to learn how tactical decision-making can help you conquer California’s challenging legal environment. Our focus areas will include:
(more…)
Maureen F. Gorsen
Century City
maureen.gorsen@sidley.com
Amy P. Lally
Century City
alally@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Australia’s Digital Platform Regulators Release Working Papers on Risks and Harms Posed by Algorithms and Large Language Models
Australia’s Digital Platform Regulators Forum (DP-REG) has recently released two working papers relevant to developing AI policy on the global stage: Literature summary: Harms and risks of algorithms (Algorithms WP) and Examination of technology: Large language models used in generative artificial intelligence (LLM WP) (together, the Working Papers) to mark the launch of its website. The DP-REG, which comprises various prominent Australian regulators across multiple industries, was established to ensure a collaborative and cohesive approach to the regulation of digital platform technologies in Australia. The Working Papers focus on understanding the risks and harms, as well as evaluating the benefits, of algorithms and generative artificial intelligence, and provides recommendations on the Australian Federal Government’s response to AI. The Working Papers also serve as a useful resource for the Australian industry and the public as these technologies are increasingly integrated and engaged with in the Australian market. Interestingly, the recommendations set out in the Working Papers are broadly aligned with the requirements of the EU’s Artificial Intelligence Act, which reached political agreement on 8 December 2023, suggesting that Australia’s proposed approach to regulating AI may be inspired at least in part by Europe’s AI regulatory framework.
(more…)
William RM Long
London
wlong@sidley.com
Denise Kara
dkara@sidleyenergy.com
USA: An Overview of State Data Privacy Laws Part Four – Data Subject Rights and Privacy Policy Requirements
In Part Four of the OneTrust DataGuidance Insight articles on state data privacy laws, Sidley Austin lawyers Sheri Porath Rockwell and Ernesto Claeyssen discuss data subject rights and privacy policy requirements under the patchwork of 13 US states’ comprehensive data privacy laws that have been passed.
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Ernesto R. Claeyssen
New York
eclaeyssen@sidley.com
EU Reaches Historical Agreement on AI Act
On 8 December 2023 — following three days of lengthy and intensive negotiations — EU legislators reached political agreement on the world’s first stand-alone law regulating AI: the EU’s AI Act. The EU considers the AI Act as one of its key pieces of legislation and fundamental to ensuring the EU becomes the world’s leading digital economy.
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information
For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for healthcare treatment, payment, or operations — regardless of its source.1 This decision also marks the Illinois Supreme Court’s first BIPA-related decision where it adopted the defendants’ proposed interpretation of the statute. (more…)
Kathleen Carlson
Chicago
kathleen.carlson@sidley.com
Neil H. Conrad
Chicago
nconrad@sidley.com
Lawrence P. Fogel
Chicago
lawrence.fogel@sidley.com
Geeta Malhotra
Chicago
gmalhotra@sidley.com
Andrew F. Rodheim
Chicago
arodheim@sidley.com
Upcoming Events
The Impacts of AI on the Power Sector and Related Regulatory Challenges
RSVP here.
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com