Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a...more
4/15/2025
/ Certifications ,
Compliance ,
Cybersecurity ,
Data Security ,
Filing Deadlines ,
Information Security ,
Insurance Industry ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from...more
4/11/2025
/ Constitutional Challenges ,
First Amendment ,
Free Speech ,
Minors ,
New Legislation ,
Online Safety for Children ,
Parental Consent ,
Privacy Laws ,
Proposed Legislation ,
Social Media ,
State Privacy Laws
The Virginia law, like the Colorado Act, would have imposed various obligations on companies involved in the creation or deployment of high-risk AI systems that influence significant decisions about individuals in areas such...more
3/31/2025
/ Algorithms ,
Artificial Intelligence ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
State and Local Government ,
State Legislatures ,
State Privacy Laws ,
Technology ,
Texas ,
Virginia
Utah’s governor recently signed the first law which puts age restrictions on app downloads. The law (the App Store Accountability Act, SB 142), was signed yesterday (Wednesday, April 26, 2025). We anticipate that the law may...more
Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report...more
The Oregon AG’s Office, along with the state’s Department of Justice, issued guidance late last year on how state laws apply to the ways businesses use AI. The guidance may be two months old, but the cautions are still...more
2/26/2025
/ Artificial Intelligence ,
Bias ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Security ,
Oregon ,
Privacy Laws ,
State Privacy Laws ,
Technology Sector ,
Transparency
The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers...more
2/24/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Data Privacy ,
Discrimination ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
New Guidance ,
New Jersey ,
State Attorneys General ,
State Labor Laws ,
State Privacy Laws ,
Technology Sector
The California privacy regulator recently settled with a data broker (Key Marketing Advantage LLC) that it alleged had violated the state’s data broker law. Under the Delete Act, data brokers must, among other things,...more
The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on...more
New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee....more
1/7/2025
/ Artificial Intelligence ,
Artificial Reproduction ,
Cybersecurity ,
Innovative Technology ,
Machine Learning ,
New York ,
Privacy Laws ,
Regulatory Agenda ,
Risk Management ,
State Privacy Laws ,
Technology Sector
As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying...more
Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15)....more
In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year....more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments,...more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
12/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Legislative Agendas ,
Machine Learning ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Risk Assessment ,
State and Local Government ,
State Privacy Laws ,
Technology
The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which...more
12/9/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Cybersecurity ,
Data Brokers ,
Deadlines ,
Enforcement Actions ,
Insurance Industry ,
Legislative Agendas ,
Machine Learning ,
Privacy Laws ,
Proposed Rules ,
Regulatory Agenda ,
State Privacy Laws
The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more
Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down....more
11/7/2024
/ COPPA ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
First Amendment ,
Florida ,
Legislative Agendas ,
Online Safety for Children ,
Parental Consent ,
Privacy Laws ,
Regulatory Agenda ,
Social Media ,
State Legislatures ,
State Privacy Laws
The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few...more
10/30/2024
/ Artificial Intelligence ,
California ,
Data Security ,
Disclosure ,
Entertainment Industry ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Robocalling ,
State and Local Government ,
State Privacy Laws ,
Transparency
Those tracking CIPA litigation are familiar with the recent decision holding in favor of a company whose site had an online chat operated by a vendor. The court in that case held (1) that the company had not violated the...more
California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites....more
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join...more
9/24/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on...more
The New York Attorney General’s office and the UK Information Commissioner’s Office were busy last month when it came to children’s privacy. Both sought input from the public about regulating children’s online privacy,...more