New York state Assembly Bill A3411B (“the Bill”) passed its third reading in the senate on March 9, 2026, sending it through the legislature and preparing it for delivery to Governor Kathy Hochul. If enacted, the Bill will require owners, licensees, and operators of generative AI systems to display a clear and conspicuous notice on […]
About Dorian Simmons
Key AI, Cybersecurity, and Privacy Takeaways from the NAIC 2026 Spring Meeting
From March 22–25, the National Association of Insurance Commissioners (“NAIC”) held its 2026 Spring National Meeting in San Diego, California. During the meeting, the Innovation, Cybersecurity, and Technology Committee, along with its working groups on Third-Party Data and Models, Big Data and Artificial Intelligence, and Cybersecurity, addressed key developments regarding oversight of third-party data and […]
CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement
On February 27, 2026, the California Privacy Protection Agency (“CalPrivacy”) issued an order (the “Order”) requiring a sports-focused media and technology company (the “Company”) to pay a $1.10 million administrative fine for violations of the California Consumer Privacy Act (“CCPA”). The action continues California regulators’ scrutiny of how companies deploy cookies, software development kits and […]
Federal Court Rules using AI Tools can Waive Privilege, Even if Privileged Information is Input into Them
On February 10, 2026, the U. S. District Court for the Southern District of New York held that a criminal defendant could not claim attorney-client privilege over documents he produced using a commercially available artificial intelligence (“AI”) tool – even though he had input privileged information from his lawyers into the tool. This case is […]
New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law
On January 20, 2026, the New Jersey Governor signed Assembly Bill A5017 (“Amendment”), amending the New Jersey Data Protection Act (“NJDPA”). The Amendment exempts data that is not protected health information (“non-PHI”) from the NJDPA when it is handled by covered entities or business associates in accordance with the privacy and security requirements of the […]