With the widespread adoption of artificial intelligence (“AI”) and other complex algorithms across industries, many business decisions that used to be made by humans are now being made (either solely or primarily) by algorithms or models.  Examples of automated decision-making (“ADM”) include determining: Who gets an interview, a job, a promotion, or employment discipline; Which ads get displayed for a…

On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (the “Final Rule”). The Final Rule went into effect on April 1, 2022 and required banking organizations, as well as certain banking service providers, to comply…

On Wednesday, May 25, 2022, Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group joined Luke Tenery and Michael Costa of  StoneTurn’s Cybersecurity and Incident Response Group for an engaging discussion on Artificial Intelligence Incident Response hosted by the Cybersecurity Docket. The panel discussed: Current legal, compliance, and risks relating to AI that are likely to lead…

Connecticut’s Governor signed the state’s comprehensive privacy law into effect on May 10, 2022, adding yet another category of state privacy law. The Connecticut legislature largely drew upon provisions found in existing comprehensive U.S. state privacy laws in California, Virginia, Colorado, and Utah to draft “An Act Concerning Protection of Consumer Data Privacy and Online Monitoring” (the “Connecticut Privacy Act”…

On Friday, May 20, 2022, Avi Gesser and Anna Gressel of Debevoise’s Data Strategy & Security Group and Eric Dinallo and Marshal Bozzo of Debevoise’s Insurance Regulatory practice had an engaging discussion on Artificial Intelligence and Discrimination in the Insurance Industry (Part III in this series). Topics included: Regulatory developments since Part II of our discussion on Artificial Intelligence and…

One of the most significant trends in insurance regulation involves regulators requiring insurers to demonstrate that their use of alternative data (“Big Data”) and artificial intelligence (“AI”) is not discriminatory. On April 20, 2022, the Connecticut Insurance Department (the “Department”) released a notice titled “The Usage of Big Data and Avoidance of Discriminatory Practices” (the “Notice”) addressed to all entities…

On April 26, 2022, the Division of Examinations (“EXAMS”) of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert titled “Investment Adviser MNPI Compliance Issues” (“Risk Alert”) on the use of alternative data.  The Risk Alert outlines EXAMS’ recent observations on compliance deficiencies related to Section 204A of the Investment Advisers Act of 1940—including deficiencies relating to policies…

On March 24, 2022, Utah enacted a comprehensive consumer privacy law, the Utah Consumer Privacy Act (“UCPA”). The UCPA, effective on December 31, 2023, is largely consistent with other comprehensive state privacy laws, but includes several key differences. The UCPA is set to be reviewed by the attorney general who must submit a report to the legislature by July 1,…