Regulatory Enforcement

NYDFS Issues Final Circular Letter Guidance on Use of AI in Insurance Underwriting and Pricing

August 9, 2024 By Daniel Felz, Lance Taubin, Colton Jackson and Hyun Jai Oh

On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing (“Final Circular Letter”). The Final Circular Letter comes in the wake of a […]

Dutch Data Protection Authority Warns that Using AI Chatbots Can Lead to Personal Data Breaches

August 9, 2024 By Wim Nauwelaerts

On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots. In its guidance, the DPA reports that it has recently received several notifications of personal data breaches caused by employees sharing personal data with a chatbot that […]

California AG Announces $500,000 Settlement with Mobile Game App Company for Unlawful Collection and Sharing of Children’s Data

July 15, 2024 By Maki DePalo, Jennifer Everett, Dorian Simmons and Hyun Jai Oh

On June 18, 2024, California Attorney General (“AG”) Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a settlement with a video game developer and publisher regarding allegations that the company violated the California Consumer Privacy Act (the “CCPA”), the federal Children’s Online Privacy Protection Act (“COPPA”) and California’s Unfair Competition Law (the […]

What to Tell Your C-Suite About the EU AI Act

July 15, 2024 By Wim Nauwelaerts and Paul Greaves

On July 12, 2024, the European Union’s long-awaited Artificial Intelligence Act (AI Act) was finally published. It will enter into force on the twentieth day following its publication; i.e., on August 1, 2024. The AI Act is a landmark legal framework that imposes obligations on both private and public sector actors that develop, import, distribute, […]

SEC Settlement Suggests the Agency’s Attempt to Regulate Cybersecurity Controls

July 2, 2024 By Cara Peterman, Kim Peretti, David Brown, Sierra Shear and Madeleine Juszynski Davidson

On June 18, 2024, the SEC announced a $2.125 million settlement with R.R. Donnelley & Sons Co. (“RRD”) related to the company’s 2021 ransomware attack (the “Incident”). The settlement, and the SEC’s accompanying cease-and-desist order (the “Order”), portend the agency’s continued and increasing oversight over registrants’ cybersecurity policies and practices. Background RRD is a global […]