United States

Privacy and Data Protection Compliance Will Become More Fragmented in 2024

By Daniel Ilan, Marcela Robledo, Melissa Faragasso & Christine D'Alessandro on January 31, 2024

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

Continuing global trends to protect consumer privacy and rein in the exploitation of personal data by organizations, 2023 saw an explosion of comprehensive privacy laws, amendments to existing laws and a proliferation of targeted regulations around the world. Continue Reading Privacy and Data Protection Compliance Will Become More Fragmented in 2024

Quantum Computing and the Financial Sector: World Economic Forum Lays Out Roadmap Towards Quantum Security

By Ferdisha Snagg & Andreas Wildner on January 30, 2024

Posted in Cybersecurity, European Union, Financial Institutions, FinTech, United Kingdom, United States

Quantum technology is seen as having the potential to revolutionize many aspects of technology, the economy and society, including the financial sector. At the same time, this technology represents a significant threat to cybersecurity, especially due to its potential to render most current encryption schemes obsolete.Continue Reading Quantum Computing and the Financial Sector: World Economic Forum Lays Out Roadmap Towards Quantum Security

Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

By Daniel Ilan, Hakki Can Yildiz, Melissa Faragasso, Louie Ka Chun & Kimberly Everett on January 3, 2024

Posted in Breach Notifications, Cybersecurity, GDPR, India, Privacy, United States

Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

By Rahul Mukhi, Melissa Faragasso & Kimberly Everett on November 7, 2023

Posted in Cybersecurity, Regulatory, United States

On November 1, the New York Department of Financial Services (“DFS” or the “Agency”) announced finalized amendments to its Cybersecurity Regulation applicable to DFS-regulated entities.[1] The finalized amendments to the Cybersecurity Regulation (the “Amendments”) contain significant revisions designed to mandate preventative measures to address common attack vectors and enhance cybersecurity governance, bringing more formality and uniformity to the assessment and mitigation of a covered entity’s specific cybersecurity risks.[2] The Amendments may also portend future changes to cybersecurity regulations outside of DFS, as the original DFS Cybersecurity Regulation influenced many existing cybersecurity requirements in other areas of the law. Continue Reading New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

California Passes Delete Act Creating More Accountability for Data Brokers

By Daniel Ilan, Marcela Robledo, Melissa Faragasso & Jessica Graham on October 20, 2023

Posted in Enforcement, Privacy, United States

Continuing to pave the way for enhanced privacy rights for California consumers, on October 10, California Governor Gavin Newsom signed into law S.B. 262, colloquially known as the California Delete Act (the “Delete Act” or the “Act”)). [1] The Delete Act is the first of its kind in the United States, providing California-based consumers with a more streamlined, user-friendly way to request deletion of their personal information from data brokers. Continue Reading California Passes Delete Act Creating More Accountability for Data Brokers

Broad Definition of Sensitive Data and Concern for Children’s and Teenagers’ Data in Delaware Privacy Law Reflect Recent Trends in Evolving Data Protection Landscape

By Daniel Ilan, Rahul Mukhi, Melissa Faragasso & Amy Garland on September 25, 2023

Posted in Cybersecurity, Privacy, United States

On September 11, Delaware’s governor signed into law the Delaware Personal Data Privacy Act (the “DPDPA” or “Act”),[1] establishing Delaware as the 12^th state in the U.S. to enact its own comprehensive data protection law and contributing to the patchwork of U.S. data protection regimes that continue to proliferate in the absence of federal regulation. Continue Reading Broad Definition of Sensitive Data and Concern for Children’s and Teenagers’ Data in Delaware Privacy Law Reflect Recent Trends in Evolving Data Protection Landscape

New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

By Francesca L. Odell, Lillian Tsu, Jonathan S. Kolodner, Rahul Mukhi, Helena K. Grannis & Synne D. Chapman on August 2, 2023

Posted in Cybersecurity, SEC Guidance, United States

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

SEC Proposes Rules Limiting the Use of Artificial Intelligence by Registered Investment Advisers and Broker-Dealers

By Robin M. Bergen, Brant Brown, James R. Burns, Lyric Gupta, Jennifer Kennedy Park, Rahul Mukhi & Mohit Rathi on August 1, 2023

Posted in AI, Enforcement, Financial Institutions, SEC Guidance, United States

On July 26, 2023, the Securities and Exchange Commission (“SEC”) proposed new rules targeting the use of predictive data analytics and artificial intelligence (“AI”) by registered investment advisers (“RIAs”) and broker-dealers.[1] The new proposed rules focus on the potential for conflicts of interest and the possibility that newer, more complex analytics models (including those using AI) might optimize decision making for RIAs and broker-dealers by placing those firms’ interests above the interests of their clients.[2] The proposed rules would require RIAs and broker-dealers to: (i) evaluate whether their use of technologies “that optimize for, predict, forecast or direct investment-related behaviors or outcomes” create such a conflict of interest, and (ii) either stop using or address the effects of tools that place a firm’s interests before the interests of clients. RIAs and broker-dealers will also will be required to adopt policies to ensure compliance with the new proposed rules.[3] Continue Reading SEC Proposes Rules Limiting the Use of Artificial Intelligence by Registered Investment Advisers and Broker-Dealers

Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws

By Daniel Ilan, Marcela Robledo, Melissa Faragasso & Natalie Curry on June 21, 2023

Posted in Privacy, Regulatory, United States

In recent weeks, six states, Florida (effective July 1, 2024)[1], Texas (effective July 1, 2024)[2], Montana (effective October 1, 2024)[3], Iowa (effective January 1, 2025)[4], Tennessee (effective July 1, 2025)[5] and Indiana (effective January 1, 2026)[6], have passed consumer privacy laws, adding to the growing list of states with comprehensive privacy legislation alongside California, Virginia, Colorado, Connecticut and Utah. In the ever-changing landscape of privacy compliance, it is more critical and complicated than ever for businesses to be able to determine which state privacy laws may apply to their business.Continue Reading Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws

Amélie Champsaur

Amélie Champsaur’s practice covers a broad range of financial regulatory, compliance and enforcement matters, at French and EU level.

View Latest Posts

Daniel Ilan

Daniel Ilan’s practice focuses on intellectual property law.

View Latest Posts

Chase D. Kaniecki

Chase Kaniecki’s practice focuses on international trade and national security matters, including CFIUS and global foreign direct investment, economic sanctions, export controls, customs, and trade…

View Latest Posts

Joon H. Kim

Joon H. Kim’s practice focuses on white-collar criminal defense, internal corporate investigations, regulatory enforcement, and crisis management, as well as complex commercial litigation and arbitration.

View Latest Posts

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

James Norris-Jones

James Norris-Jones has substantial experience of English and international commercial dispute resolution including litigation, arbitration, investigations, and enforcement.

View Latest Posts

Menu

Cleary Cybersecurity and Privacy Watch

United States

Privacy and Data Protection Compliance Will Become More Fragmented in 2024

Quantum Computing and the Financial Sector: World Economic Forum Lays Out Roadmap Towards Quantum Security

New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

California Passes Delete Act Creating More Accountability for Data Brokers

Broad Definition of Sensitive Data and Concern for Children’s and Teenagers’ Data in Delaware Privacy Law Reflect Recent Trends in Evolving Data Protection Landscape

New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

SEC Proposes Rules Limiting the Use of Artificial Intelligence by Registered Investment Advisers and Broker-Dealers

Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws