Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a...more
4/15/2025
/ Certifications ,
Compliance ,
Cybersecurity ,
Data Security ,
Filing Deadlines ,
Information Security ,
Insurance Industry ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers...more
Many expect that deal activity will increase in 2025. As we approach the end of the first quarter, it is helpful to keep in mind privacy and data security issues that can potentially derail a deal. We discussed this in a...more
In the waning days of the Biden administration, the FTC published an update to its COPPA Privacy Rule. The status of this update, however, is unclear. The revisions to the rule were posted on the FTC website prior to the...more
The Oregon AG’s Office, along with the state’s Department of Justice, issued guidance late last year on how state laws apply to the ways businesses use AI. The guidance may be two months old, but the cautions are still...more
2/26/2025
/ Artificial Intelligence ,
Bias ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Security ,
Oregon ,
Privacy Laws ,
State Privacy Laws ,
Technology Sector ,
Transparency
It is hard to believe that another year is upon us! As we have done in years past (including 2023, 2022, 2021, 2020, 2019 and 2018), we have created a comprehensive resource of all our www.eyeonprivacy.com posts from 2024. As...more
1/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Agenda ,
Risk Management ,
Social Media ,
State Privacy Laws ,
Technology Sector ,
UK
As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying...more
In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while...more
12/17/2024
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
NIST ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector
The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more
The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few...more
10/30/2024
/ Artificial Intelligence ,
California ,
Data Security ,
Disclosure ,
Entertainment Industry ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Robocalling ,
State and Local Government ,
State Privacy Laws ,
Transparency
The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last...more
10/29/2024
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Security ,
Financial Services Industry ,
Incident Response Plans ,
New York ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Reporting Requirements ,
Risk Management ,
State Privacy Laws
Verkada, a manufacturer and retailer of security cameras, has settled FTC accusations of lax security measures. The company sells its products to businesses, including schools and medical facilities. It markets its products...more
A biotech company recently settled with three AGs over allegations that it had failed to protect consumer information. According to the AGs of Connecticut, New York and New Jersey, this led to a 2023 data incident. The...more
8/28/2024
/ Data Breach ,
Data Protection ,
Data Security ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
New York ,
Policies and Procedures ,
Privacy Laws ,
Settlement ,
State Attorneys General ,
State Privacy Laws
New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how...more
8/23/2024
/ Consumer Protection Laws ,
Cookies ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet Privacy ,
New Guidance ,
New York ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices ,
Web Tracking ,
Websites
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
8/2/2024
/ Cell Phones ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Information Security ,
Privacy Laws ,
Settlement ,
Telecommunications ,
TracFone Wireless ,
Wireless Devices ,
Wireless Industry
In its ongoing concern with “dark patterns,” the FTC recently announced results of two reviews of sites and apps purportedly engaging in the practice. As a reminder, the FTC views as “dark patterns” practices or web designs...more
Indiana recently amended its breach notification law to include as personal information age verification information collected by adult websites. At the same time, the state passed a new law for adult websites...more
In what may become an annual tradition, Pennsylvania has amended its breach notification law. The new provisions will take effect on September 26, 2024. As a reminder, Pennsylvania changed its law last year to expand the...more
Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike...more
Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a...more
5/30/2024
/ Artificial Intelligence ,
Connected Cars ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
Social Media ,
State and Local Government ,
State Privacy Laws ,
Transportation Industry ,
Web Tracking
Utah, among other privacy laws it has enacted or modified recently, has also modified its breach notification law. This follows last year’s changes to the law, which among other things codified the state’s Cyber Center....more
4/22/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
Earlier this month, accompanying an update to a rule prohibiting the impersonation of businesses and governments, the FTC sought comments on extending the rule to prohibit impersonation of individuals. The agency indicated...more
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use...more
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular,...more