On November 10, 2025, New York’s disclosure law on algorithmic pricing went into effect. This post will describe the law, a recent federal court case, and some potential effects, using precise geolocation data as an example.
The law
The law
Regulators, including FCC, emphasize third party vendor cybersecurity monitoring requirements
Many data breaches occur not at the company that controls or owns the data, but rather at the company’s third-party service providers or vendors. Regulators have noticed and have begun placing emphasis on a company’s obligation to monitor its service
Service provider outages test customer resiliency
On November 18, 2025, companies had another opportunity to test their resiliency when connectivity and security provider Cloudflare had an outage of about four hours, which resulted in several popular websites going offline while others managed to provide some services
NYDFS releases guidance on third-party service provider risks
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not
Text messages and the new Texas registration requirement
On September 1, 2025, Texas amended its telephone solicitation law to include text messages and to add several new requirements, including a registration requirement with the Texas Secretary of State, plus a form of security (such as a bond) in
NYDFS fines licensee $2 million for lack of email retention policy and MFA
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent.
California’s proposed cybersecurity audit regulation
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer Privacy Act: mandatory annual cybersecurity audits for certain businesses. These new requirements are now undergoing review by the
White House unveils AI Action Plan in artificial intelligence
On July 23, 2025, the White House released a sweeping new policy framework titled “Winning the AI Race: America’s AI Action Plan” (the “Plan”), describing the federal government’s approach to artificial intelligence (“AI”). This initiative, developed under the
California’s anti-employment-discrimination regulations now include AI, expand retention requirements
On June 27, 2025, the California Civil Rights Council, which is part of the Civil Rights Department, published revised regulations to protect against employment discrimination as a result of an employer’s use of artificial intelligence (AI) and other technologies that
The Healthline Order: Privacy law grows teeth
The proposed $1.55 million CCPA settlement with Healthline is not just the largest of its kind to date – it is, more importantly, it marks a pivotal evolution in how American regulators are approaching consumer privacy enforcement.
The facts are