Data Dive

A new “Privacy and Data Protection” Task Force has been launched by the FCC. The group will coordinate rulemaking and enforcement across the agency, and handle data breach investigations, equipment authorization, reporting and issues related to undersea cables.

The United States Department of Health and Human Services (HHS), working in coordination with industry leaders, has stepped up efforts to play a central role in helping health care organizations defend against cybersecurity threats.

A recent opinion by the Southern District of New York arrives at a time when several large fund managers are facing SEC Enforcement investigations associated with so-called “off-channel” communications. The ruling highlights the intersection of SEC obligations and privacy law.

Read More

A new legislative framework to regulate artificial intelligence (AI) was recently unveiled by Senate Majority Leader Chuck Schumer (D-NY). The effort, expected to span across multiple congressional committees, is centered on four guardrails: “Who,” “Where,” “How” and “Protect.”

On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) voted to propose three measures to protect customer information and hold covered institutions accountable for cyberattacks.

The 2023 National Cybersecurity Strategy (the Strategy) released by the Biden Administration highlights shifts that are “rebalance[ing] the responsibility to defend cyberspace” and “realign[ing] incentives to favor long-term investments.” For the technology sector, the Strategy focuses on investments in cybersecurity-related research and development aimed at modernizing federal information and operational technology systems.

Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in 2023. Federal enforcement actions, state laws and agency guidance have cast dark patterns as a grave concern that regulators are looking to root out from company practice. But what exactly are dark patterns and which practices do they encompass? Here we will discuss practices that risk being classified as dark patterns and how regulators are enforcing this new data privacy trap.

The National Institute for Standards and Technology (NIST) recently unveiled the first version of its Artificial Intelligence Risk Management Framework (AI RMF 1.0, or “Framework”). This highly anticipated and detailed Framework is intended as a voluntary guide for designing, developing, using and evaluating AI-related products and services with trustworthiness considerations in mind. Organizations can make use of this Framework to better prepare for the unique and often unpredictable risks associated with AI systems. Although there are no legal requirements for implementation of the Framework, it will likely be used to assess reasonableness of AI technology, viewed in parallel with the Blueprint for an AI Bill of Rights in the U.S. (discussed here) and the European Union’s (EU) Artificial Intelligence Act (discussed here).