On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve

Susan Ross (US)
California and artificial intelligence watermarking law
On September 19, 2024, California enacted another law relating to artificial intelligence, this time relating to watermarking. The new law (SB 942) requires making certain AI detection tools available at no cost to users. The new law does…
Security cameras, CAN-SPAM, and “reasonable or appropriate security”
On August 30, 2024, the Federal Trade Commission (FTC) announced a proposed settlement with security camera manufacturer Verkada Inc., claiming Verkada committed a variety of unfair or deceptive acts or practices in violation of § 5 of the Federal Trade…
California Attorney General and data security, access and retention
Violation of HIPAA Security Rule = Violation of NY SHIELD Act
CCPA compliance is not child’s play—but network traffic testing can help
On June 18, 2024, the California Attorney General and Los Angeles City Attorney filed a complaint and stipulated final judgment (including a $500,000 settlement) with Tilting Point Media LLC (“Defendant” or “Tilting Point”), resolving allegations that the video game developer…
Minnesota enacts comprehensive privacy law
On May 24, 2024, the Minnesota Governor signed the Minnesota Consumer Data Privacy Act (“MCDPA”), making Minnesota the eighteenth state to enact a comprehensive privacy law. The new law takes effect on July 31, 2025, for most regulated entities, with…
Is your Texas data protection assessment started?
As we have previously written, the Texas comprehensive privacy law, known as the Texas Data Privacy and Security Act (TDPSA), goes into effect on Monday, July 1, 2024. As a reminder, unlike other states’ comprehensive privacy laws that are…
The US government, privacy, and security – recent developments
The United States Federal Government is turning its attention to privacy and cybersecurity laws, and the result has been several recent legal developments that may have an impact on your business. Keeping up with these developments is not easy, so…
$10,000,000 civil penalty for disclosing personal data without consent
On April 15, 2024, the U.S. Department of Justice, upon referral from the Federal Trade Commission, filed a complaint and stipulated order against telehealth company Cerebral, Inc. The claims related to the company’s sharing personal data without consumer consent and…