Privacy & Cyber Regulatory Enforcement

Texas AG Files Complaint Against Major Insurance Company Regarding Data Practices

January 21, 2025 By Jennifer Everett, Kate Hanniford and Carson Kuck

The Texas Office of the Attorney General recently has become increasingly interested in the practices of organizations who collect and utilize consumer data. On January 13, 2025, the Attorney General of Texas, Ken Paxton, (the “Texas AG”) filed a complaint (the “Complaint”) against a large insurance entity and its subsidiary company (“Defendants”). The Complaint outlines […]

FTC Finalizes COPPA Rule Amendments

January 17, 2025 By Maki DePalo and Hyun Jai Oh

On January 16, 2025, the Federal Trade Commission (FTC) voted 5-0 to approve the finalized amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) that would offer additional privacy safeguards for children under the age of thirteen. The amened COPPA Rule will require operators to obtain separate verifiable parental consent before disclosing personal information […]

Top Ten Takeaways from California AG’s Healthcare AI Advisory

January 15, 2025 By Daniel Felz and Jennifer Everett

On January 13, 2025, California Attorney General (“AG”) Rob Bonta issued an advisory describing providers’ and businesses’ obligations related to the development, sale, and use of artificial intelligence (“AI”) and automated decision systems (“ADS”) in the healthcare industry (“Advisory”). The Advisory puts healthcare providers, insurers, and businesses serving the healthcare industry on notice of the […]

New York Amends Data Breach Notification Law with Immediate Implications

January 6, 2025 By Kim Peretti and Alysa Austin

In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]

CPPA Opens Formal Public Comment Period for CCPA Proposed Regulations

December 2, 2024 By Dorian Simmons and Yin Tydir

On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) issued a Notice of Proposed Rulemaking and opened the formal comment period for its proposed regulations on updates to existing California Consumer Privacy Act (the “CCPA”) regulations, cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and the applicability of the CCPA to insurance companies. […]