On November 27, 2023, the California Privacy Protection Agency (“CPPA”) released a first draft of rules for automated decision-making technologies under California’s privacy law. The proposed rules revolve around providing notice of the technology’s use, opting out, and consumer access to business information. In general, the proposed rules would require businesses using automated decision-making technology … Continue reading
In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading
A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech, which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, … Continue reading
On October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading
On September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading
On October 30, 2023, the SEC announced charges against SolarWinds and its Chief Information Security Officer Timothy Brown. Read our full analysis at www.nortonrosefulbright.com. Special thanks to Law Clerk Ian Slingsby (Washington, DC) for his assistance in the preparation of this content.… Continue reading
On October 30, 2023, after recognizing that Artificial Intelligence (AI) is the most consequential technology of our time and anticipating that it will accelerate more technological change in the next five to ten years than witnessed in the past fifty, President Biden issued an Executive Order directing actions to establish new AI standards. These directives, … Continue reading
On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading
On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here), but include some changes. NYDFS included comments on the proposed … Continue reading
Lessons From Recent Enforcement Background The Financial Conduct Authority (FCA) announced on 13 October 2023 that it had fined Equifax Limited (Equifax), a credit reference agency and data, analytics and technology business, £11,164,400 for failing to manage and monitor the security of UK consumer data it had transferred to its parent company based in the … Continue reading