California proposes rules for automated decision-making

On November 27, 2023, the California Privacy Protection Agency (“CPPA”) released a first draft of rules for automated decision-making technologies under California’s privacy law. The proposed rules revolve around providing notice of the technology’s use, opting out, and consumer access to business information. In general, the proposed rules would require businesses using automated decision-making technology … Continue reading

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

By Imran Ahmad (CA), John Cassell (CA), Maya Medeiros, Veronique Barry (CA), Sara A. Levine, KC (CA), Jesse Beatson, Roxanne Caron (CA) and Jeremie Wyatt (CA) on November 28, 2023 Posted in Artificial Intelligence, Cybersecurity

In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

By Marcus Evans (UK), Lara White (UK), Michael Sinclair (UK) and Rosie Nance on November 28, 2023 Posted in Artificial Intelligence

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech, which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, … Continue reading

PART II: Legislative advances in the world of artificial intelligence, Canada

By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on November 21, 2023 Posted in Artificial Intelligence, Cybersecurity

On October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading

Advances in artificial intelligence legislation in Canada (Part I)

By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on November 16, 2023 Posted in Artificial Intelligence, Cybersecurity

On September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading

US SEC charges SolarWinds and its CISO for alleged cybersecurity misstatements and controls failures

By Chris Cwalina (US), Will Daugherty (US), Kevin J. Harnisch (US), Anna Rudawski (US) and Ilana Beth Sinkin (US) on November 14, 2023 Posted in Cybersecurity, Dispute resolution and litigation, Enforcement

On October 30, 2023, the SEC announced charges against SolarWinds and its Chief Information Security Officer Timothy Brown. Read our full analysis at www.nortonrosefulbright.com. Special thanks to Law Clerk Ian Slingsby (Washington, DC) for his assistance in the preparation of this content.… Continue reading

President Biden issues sweeping artificial intelligence directives targeting safety, security and trust

By Will Daugherty (US), Marcus Evans (UK) and Gerar Mazarakis (US) on November 9, 2023 Posted in Artificial Intelligence

On October 30, 2023, after recognizing that Artificial Intelligence (AI) is the most consequential technology of our time and anticipating that it will accelerate more technological change in the next five to ten years than witnessed in the past fifty, President Biden issued an Executive Order directing actions to establish new AI standards. These directives, … Continue reading

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

By Dan Pepper (US) on November 8, 2023 Posted in Cybersecurity, General

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading

NYDFS finalizes cybersecurity rule amendments

By David Kessler (US) and Susan Ross (US) on November 2, 2023 Posted in General

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here), but include some changes. NYDFS included comments on the proposed … Continue reading

Avoiding, Managing And Responding To Cyber Incidents

By Katie Stephen (UK), Marcus Evans (UK), Rosie Nance and Catherine Pluck (UK) on November 2, 2023 Posted in Enforcement

Lessons From Recent Enforcement Background The Financial Conduct Authority (FCA) announced on 13 October 2023 that it had fined Equifax Limited (Equifax), a credit reference agency and data, analytics and technology business, £11,164,400 for failing to manage and monitor the security of UK consumer data it had transferred to its parent company based in the … Continue reading