Sidley Data Privacy

On February 12, 2025, the European Insurance and Occupational Pensions Authority published a consultation on its draft opinion on artificial intelligence governance and risk management. Read more on "EIOPA Publishes Consultation on Opinion on AI Governance and Risk Management" on James Phythian-Adams,?Francesca Blythe,?Julie L.,?and?Luqman Swift's blog post.

Sidley is representing Clearlake Capital Group in its significant majority growth investment in ModMed. The company, currently backed by Warburg Pincus, is a developer of AI-powered medical practice technology, including electronic health records, practice management, revenue cycle management, patient engagement, payment processing, and native AI integrations. The Sidley team is being led by partners Mehdi Khodadad and Mark Castiglia. Read more here: https://bit.ly/41szV1c.

Sidley welcomes Michael Hochman, who has joined our Washington, D.C. office as a partner in the firm’s Privacy and Cybersecurity practice immediately following his four years of service at the White House Office of the National Cyber Director (ONCD). Mr. Hochman was instrumental in shaping ONCD policy and focus, and was at the center of many national security policy initiatives involving cybersecurity, privacy, AI, and quantum computing. These initiatives focused on the development and implementation of national cybersecurity and AI policies related to protecting and improving the resilience of critical infrastructure and reducing vulnerabilities for operators in space, electric vehicles, healthcare systems, water and wastewater, AI, quantum-resistant cryptography, and open-source software. Read more on his arrival to Sidley here: https://bit.ly/439Tazg.

Sidley has been named a finalist for “Cyber Law Firm of the Year” at Intelligent Insurer’s 2025 Cyber Insurance Awards USA. With one of the few multidisciplinary practice groups dedicated to the insurance industry, Sidley’s leading teams regularly represent the #insurance industry in some of its most cutting-edge #privacy, #cybersecurity, and technology counseling, regulatory matters, and transactions. Read more here: https://bit.ly/41K6aut.

Read more on "Engage with the U.S. SEC’s Crypto Task Force and Shape the Future of Crypto Regulation" on Lilya Tessler,?Andrew Sioson,?Chuck Daly,?Carla Teodoro,?and?Alec S.' blog post.

On January 20, 2025, the European Data Protection Board adopted a?report on the implementation of the right of access by controllers?under the GDPR. The right of access was the subject of the EDPB’s third coordinated enforcement action in 2024 which involved 1,185 controllers of varying size, industry, and sectors. Read more on "EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action" on Francesca Blythe and Eleanor Dodding's blog post.

Join Women in Privacy? on March 12 in at Sidley’s London office for “Practical Steps for Complying With AI Literacy Obligations.” The event will feature a networking lunch followed by a discussion with Astellas Pharma’s Shivali Mayor, Amazon Web Services (AWS)’s Sasha Rubel, and Axiom’s Shazia Khan. Learn more and register here: https://bit.ly/40T7B9b.

Read more on "Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use" on Hardy Callcott,?Nathan Howell,?Kate Lashley,?Andrew Sioson,?Lilya Tessler,?and?Alec S.' blog post.

On January 29, 2025, the U.S. Copyright Office issued the second part of its Report on Copyright and Artificial Intelligence, following a Notice of Inquiry (NOI) the Office issued in 2023. Read more on "U.S. Copyright Office Issues Report on Artificial Intelligence and Copyrightability" on Lauren De Lilly,?Nima Mohebbi,?Rollin Ransom,?Kristina Martinez, P.E.,?and?Sebastien Wadier's blog post.

On January 15, 2025 the EU Commission published an action plan with an aim to support cybersecurity in hospitals and healthcare providers in the EU. The Action Plan is another response by the EU to the increasing cybersecurity threats facing all industries, including the health sector. Read more on "EU Commission Launches Cybersecurity Action Plan for Hospitals and Healthcare Providers" on Francesca Blythe and Eleanor Dodding's blog post.