Welcome to the second edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.
As always, the contents provided below are time-sensitive and subject to change.
Welcome to the first edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. The first two editions of Byte Back AI will be released for free on Byte Back. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.
Read the second complimentary edition here.
As always, the contents provided below are time-sensitive and subject to change.
Keypoint: The attorney general’s office modified the Colorado Privacy Act Rules to create a process for issuing opinion letters and interpretative guidance and to address the biometric and children’s privacy amendments passed by the Colorado legislature during the 2024 session.
On December 6, the Colorado attorney general’s office notified the public that it has adopted updated Colorado Privacy Act (CPA) Rules. The office provided a clean version of the new rules as well as a redline of the changes.
The new rules create a process for issuing opinion letters and interpretive guidance. They also modify the existing language in the CPA Rules to address two bills passed by the Colorado legislature during its 2024 session – SB 41 (kid’s privacy) and HB 1130 (biometric privacy). You can read more about the SB 41 and SB 1130 here and here.
The adopted rules come after the office published draft rules in September and held a public hearing in November. The office made modifications to the rules based on public feedback received during that process.
The new rules still need to clear two hurdles before they go into effect. According to the attorney general’s office, “[a]s the final step in the rulemaking process, the Department has requested a formal opinion on the adopted rules from the Attorney General. After that formal opinion is issued, the rules will then be filed with the Secretary of State, and they will become effective 30 days after they are published in the state register.”
In the below article, we provide a brief summary of the more notable provisions in the new rules. For ease of analysis, the article discusses the rules based on the three topics they address: (1) biometric privacy, (2) children’s privacy, and (3) opinion letters and interpretive guidance.
State lawmakers filed nearly 500 AI-related bills in 2024 with Colorado, California, Illinois, and Utah passing notable laws. With state lawmakers emboldened by federal inactivity, 2025 promises to see even more state action. Regulatory agencies such as the California Privacy Protection Agency are also considering AI-related rulemaking that could have significant impact on businesses.
Join
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy attorney Shelby Dolen provides a high-level summary of the draft risk assessment regulations.
This is the fourth on-demand webinar in our four-part series analyzing the draft regulations. You can
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the draft cybersecurity audit regulations.
This is the third on-demand webinar in our four-part series analyzing the draft regulations. You can
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the proposed changes to the existing CCPA regulations.
This is the second on-demand webinar in a four-part series analyzing the draft
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the draft regulations on automated decisionmaking technology (ADMT). During the Board meeting, the draft ADMT regulations were a source of many
Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds from their new employers.
On November 1, 2024, NYDFS issued guidance warning companies against an increasing risk posed from individuals applying for employment in IT roles who are in fact operating on behalf of North Korea. These applicants seek employment in order to infiltrate western companies’ computer systems and illicitly generate revenue for the North Korean regime.
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats malicious actors using AI and the risks associated with a Covered Entity’s own AI systems.
The NYDFS industry letter (“Letter”) recognizes that Covered Entities can leverage AI to enhance their cybersecurity posture. The department contends that doing so would bolster entities’ compliance with NYDFS cybersecurity regulation 23 NYCRR Part 500 (“Part 500”).