Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
SEC Grants Further Relief From Including Personally Identifiable Information in CAT Reporting
By Wayne Aaron, James Brady, Susan Light and Michael Lohnes
On February 10, the Securities and Exchange Commission (SEC) granted relief exempting industry members from reporting a natural person's name, address and year of birth to the Consolidated Audit Trail (CAT). Industry members must still report transformed social security numbers or individual taxpayer identification numbers for natural persons and, to the extent applicable, Larger Trader IDs and Legal Entity Identifiers. The SEC's relief acknowledges the ongoing concerns of industry members and trade associations that the wholesale collection of customer information created cybersecurity risks, as such sensitive customer information was vulnerable to hacking by cybercriminals. Read more about the SEC's exemptive order.
EDPB Adopts Statement on Age Assurance and Creates a Task Force on AI Enforcement
By Trisha Sircar
On February 12, during its February 2025 plenary meeting, the European Data Protection Board (EDPB) adopted a statement on assurance, which outlines 10 principles concerning the processing of personal data when determining an individual's age or age range. The EDPB is also cooperating with the European Commission on age verification in the context of the Digital Services Act working group. Read more about the 10 principles, as well as the EDPB's extension of the ChatGPT task force.
New Data Privacy Working Group Created by US House Committee
By Trisha Sircar
On February 12, Congressman Brett Guthrie (R-KY), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (R-PA), Vice Chairman of the House Committee on Energy and Commerce, announced the establishment of a comprehensive data privacy working group (Working Group). The Working Group also includes Representatives Morgan Griffiths (R-VA), Troy Balderson (R-OH), Jay Obernolte (R-CA), Russell Fry (R-SC), Nick Langworthy (R-NY), Tom Kean (R-NJ), Craig Goldman (R-TX) and Julie Fedorchak (R-ND). Read more about how this initiative will allow companies to engage in shaping emerging federal data privacy standards.
European Commission Rejects Draft DORA RTS on Subcontracting
By Nathaniel Lalone and Ciara McBrien
The European Commission (Commission) recently published a letter (Letter) that it sent to the European Supervisory Authorities (ESAs) rejecting certain draft regulatory technical standards (RTS) under the EU Digital Operational Resilience Act (DORA). The draft RTS specified the conditions and criteria to be considered by financial entities when subcontracting information communication and technology (ICT) services supporting critical or important functions. The Letter, dated January 21, follows the ESAs' submission of its final report on the draft RTS in July 2024. Read more about the Letter and the basis of the Commission's rejection.
CFPB Shaken Up While Courts Address Consumer Fraud Obligations Under EFTA and Convenience Fees
By Camille Brooks, Eric Hail, Ted Huffman and Stuart Richter
The new administration continues to shake up the financial services regulatory environment. The Consumer Financial Protection Bureau's (CFPB) new acting director indicated over the weekend that the agency will not take its next draw of funding from the Federal Reserve, noting the CFPB's current balance as being more than sufficient. Its acting director has separately told staff to "stand down" from doing work, which has prompted lawsuits by staff. In the short term, the CFPB has already moved to stay multiple pending actions that were filed under the prior administration. Whether the CFPB will resume pursuit of the Rohit Chopra agenda remains to be seen. Read more about current enforcement actions some state attorneys general are taking without CFPB prompting.
