Photo of Kim Phan

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and assessing breach response obligations following a breach.

In today’s rapidly evolving digital landscape and expanded threat landscape, financial institutions feel at war and are under increasing pressure to balance innovation, data privacy, and regulatory demands. AI is accelerating that complexity, reshaping how organizations manage sensitive information and comply with a rapidly shifting legal environment.

The Report authored by the Presidential Working Group on Digital Assets Markets (PWG), titled “Strengthening American Leadership in Digital Financial Technology,” along with the accompanying fact sheet, outlines several key objectives aimed at positioning the U.S. as a leader in digital asset markets. Among its objectives are reinforcing the role of the U.S. dollar, modernizing Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) rules for the digital assets ecosystem, and ensuring fairness and predictability by establishing clear regulatory oversight.

On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information Security Modernization Act, follows the discovery of unauthorized access to OCC emails and attachments that included highly sensitive information related to the financial condition of federally regulated financial institutions.

Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive personal information. Additionally, the FCC prohibits using AI to clone voices. Data breach litigation continues to surge with one company striking a class action settlement agreement with payments of up to $75,000 per class member. In an interesting twist, the beauty company L’Occitane is suing a law firm seeking declaratory judgment that California’s wiretapping law is unconstitutional. Internationally, the Canadian government investigates a breach of its own agency, and ASEAN and the EU published a joint guide on cross-border contractual clauses.

Troutman Pepper recently published its 2023 Privacy Year in Review, a comprehensive analysis of the year’s key developments in privacy, security, and artificial intelligence, which offers practical advice for companies navigating the bewildering number of virtual threats and technological advancements. This annual guide to global trends, risks, best practices, and detailed case studies is a collaborative effort of our Privacy + Cyber and Regulatory Investigations, Strategy + Enforcement (RISE) teams. It aims to serve as a vital resource to help companies address current cybersecurity, privacy, and data protection challenges and prepare for future ones.

Editor’s Note: In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer Privacy Act (CCPA) regulations. The Federal Communications Commission (FCC) adopted rules to protect consumers from SIM-swapping scams and port-out fraud, and is investigating the impact of AI on robocalls and robotexts. The FCC plans to expand its data breach reporting rules, while the Federal Trade Commission (FTC) approved the use of compulsory process in nonpublic investigations for AI-related products and services. In litigation, a class action lawsuit was filed against Northwestern Mutual for alleged violation of the Illinois Genetic Information Privacy Act (GIPA), a growing source of litigation for Illinois plaintiffs, and the FTC’s privacy complaint against mobile data broker Kochava has been unsealed. Law firm Warner Norcross + Judd LLP has been granted permission to appeal a standing issue related to a ransomware attack, and the Ninth Circuit has restricted the scope of personal jurisdiction applicable to e-commerce platforms and sided with car manufacturers in a privacy claim. Internationally, the EU is establishing a European Health Data Space (EHDS), the UK government proposed amendments to the Data Protection and Digital Information Bill, and the G7 countries signed a code of conduct for AI development.

We are pleased to share our annual review of regulatory and legal developments in the consumer financial services industry. With active federal and state legislatures, consumer financial services providers faced a challenging 2023. Courts across the country issued rulings that will have immediate and lasting impacts on the industry. Our team of more than 140 professionals has prepared this concise, yet thorough analysis of the most important issues and trends throughout our industry. We not only examined what happened in 2023, but also what to expect — and how to prepare — for the months ahead.

Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues to dominate the courts, including a denial of a motion to dismiss regarding worker’s voiceprints. In California, a federal judge enjoined enforcement of the Age-Appropriate Design Code Act. On the international level, Canada issued a Generative AI Code of Conduct for feedback, and the EU-DPF survives a court case.

Editor’s Note: As the summer months come to an end, there has been no shortage of privacy news and updates. Oregon signed both a comprehensive privacy law and data broker law, and the SEC adopted new rules regarding the disclosure of cybersecurity incidents. Online tracking technologies continue to be a source of both regulatory concern and litigation, with the FTC and HHS jointly sending a letter to hospitals about online tracking and numerous companies grappling with wiretapping claims. Internationally, India finally passed a comprehensive privacy law, and several data protection authorities issued a joint statement on data scraping.