On November 10, 2025, New York’s disclosure law on algorithmic pricing went into effect. This post will describe the law, a recent federal court case, and some potential effects, using precise geolocation data as an example.
The law
The law
Regulators, including FCC, emphasize third party vendor cybersecurity monitoring requirements
Many data breaches occur not at the company that controls or owns the data, but rather at the company’s third-party service providers or vendors. Regulators have noticed and have begun placing emphasis on a company’s obligation to monitor its service
Happy e-Discovery Day
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point
California tightens data breach notification timelines, imposes 30-day notice requirement
California recently signed into law Senate Bill No. 446, which amends its data breach notification law, Section 1798.82 of the Civil Code, to require covered companies to notify affected California residents within 30 calendar days of discovery of the data
NYDFS fines licensee $2 million for lack of email retention policy and MFA
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent.
California’s anti-employment-discrimination regulations now include AI, expand retention requirements
On June 27, 2025, the California Civil Rights Council, which is part of the Civil Rights Department, published revised regulations to protect against employment discrimination as a result of an employer’s use of artificial intelligence (AI) and other technologies that
FTC finalizes COPPA rule amendments
On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a
Violation of HIPAA Security Rule = Violation of NY SHIELD Act
FTC proposed consent order prohibits perpetual retention of personal information
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit
“Forever and forever, farewell”: FTC prohibits indefinite retention of PHI in consent order
On February 1, 2023, the Federal Trade Commission announced a complaint and stipulated order with GoodRx, with the FTC using for the first time its interpretation of the Health Breach Notification Rule. Under the Rule, the FTC interpreted a