The Texas Office of the Attorney General recently has become increasingly interested in the practices of organizations who collect and utilize consumer data. On January 13, 2025, the Attorney General of Texas, Ken Paxton, (the “Texas AG”) filed a complaint (the “Complaint”) against a large insurance entity and its subsidiary company (“Defendants”). The Complaint outlines […]
SEC 2025 Examination Priorities Indicate Sustained Focus on Cybersecurity & Data Protection
The SEC has released its Examination Priorities: Fiscal Year 2025 (“Examination Priorities”), which may be a useful roadmap to SEC-registered investment advisers, exchanges, and other entities subject to routine examination by the SEC Division of Examinations (“EXAMS”). The Examination Priorities represent the EXAMS Staff’s identification of areas of heightened risks to investors and/or the integrity […]
President Biden Signs First National Security Memorandum Focused on AI
On October 24, 2024, President Biden signed the first-ever National Security Memorandum (“NSM”) focused on artificial intelligence (“AI”), pursuant to subsection 4.8 of Executive Order 14110. The NSM provides guidance on developing, employing, and strengthening AI usage within the federal government. The NSM outlines three main objectives which serve as guideposts in directing the U.S. […]
NYDFS Issues Guidance on Artificial Intelligence-related Cybersecurity Risks
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry Letter”). The Industry Letter contains guidance for entities regulated by NYDFS (“Covered Entities”) in assessing and responding to cybersecurity risks related to the use […]
NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature
On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password without the assistance of help desk or IT professionals. The Industry Letter discusses the risks associated with the use of […]