In an unprecedented move, both the New York Senate and Assembly have approved Senate Bill 995, also referred to as the “LLC Transparency Act,” which would require the disclosure of the beneficial owners of limited liability companies (LLCs) in the State of New York. The LLC Transparency Act defines a “Beneficial Owner” to include any individual who, directly or indirectly: (a) exercises substantial control over the LLC; or (b) owns or controls not less than 25% percent of the ownership interests of the LLC. The LLC Transparency Act is currently awaiting Governor Kathy Hochul's signature to become law.

Zoom, the popular videoconferencing application, recently addressed concerns and sparked discussions regarding its updated terms of service (TOS) related to the use of user data for training its artificial intelligence (AI) models. The updates, which became effective on July 27, have prompted conversations about data privacy, ownership, and the ethical implications of AI development.

Following up on its Tri-Seal Compliance Note earlier this year cracking down on third-party intermediaries’ evasion of Russia-related sanctions and export controls, the U.S. Departments of Commerce, Treasury and Justice have issued a new Tri-Seal Compliance Note (“Note”) proposing voluntary self-disclosure (“VSD”) of potential violations of sanctions, export controls, and other national security laws. The Note describes VSD policies of each department that can provide significant mitigation of civil or criminal liability that could extend to non-prosecution agreements or a reduction of 50 percent in the base penalty amount for civil or criminal penalties. 

The Oregon Consumer Privacy Act (OCPA) is the 11th comprehensive privacy law passed in the United States that gives individuals – in this case, Oregonians – significant control over their personal information. The OCPA, which goes into effect on July 1, 2024, applies to businesses that provide services and products to Oregonians and either control (i.e., collect) or process personal information from at least 100,000 Oregon consumers, or control or process personal information from 25,000 Oregon consumers where 25% of the business’s gross annual revenue comes from selling personal information.

The Connecticut Supreme Court issued a key ruling on August 8, 2023 regarding the immunity conferred under Executive Order 7V for civil lawsuits against health care professionals and providers.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) announced new proposed rules for regulating brokerages and money managers using artificial intelligence (AI) to serve their clients. The SEC’s plan aims to address concerns about potential conflicts of interest that arise when financial services firms use the burgeoning technology. Companies and individuals in the financial industry should take note.

Welcome to the July edition of the CyberCapsule. In this edition, we highlight new ways the Biden administration is attempting to combat cyber incidents and the threat actors' continued evasiveness and pervasiveness. The SEC also made a splash, both with the recent Covington order and with the long-awaited released of its disclosure rules. And, finally, we remind our readers of two newly amended data breach notification statutes.

The Securities and Exchange Commission (“SEC”) recently adopted new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (“Final Amendments”) for publicly traded companies. From a cybersecurity reporting standpoint, these rules require public companies to: (1) report material cybersecurity incidents within four business days of discovery; and (2) annually disclose their cybersecurity risk management, strategy, and governance processes. The rules go into effect 30 days after being released in the Federal Register which typically occurs within 45 days after a rule is finalized.