On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent.
California’s proposed cybersecurity audit regulation
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer Privacy Act: mandatory annual cybersecurity audits for certain businesses. These new requirements are now undergoing review by the
White House unveils AI Action Plan in artificial intelligence
On July 23, 2025, the White House released a sweeping new policy framework titled “Winning the AI Race: America’s AI Action Plan” (the “Plan”), describing the federal government’s approach to artificial intelligence (“AI”). This initiative, developed under the
California’s anti-employment-discrimination regulations now include AI, expand retention requirements
On June 27, 2025, the California Civil Rights Council, which is part of the Civil Rights Department, published revised regulations to protect against employment discrimination as a result of an employer’s use of artificial intelligence (AI) and other technologies that
The Healthline Order: Privacy law grows teeth
The proposed $1.55 million CCPA settlement with Healthline is not just the largest of its kind to date – it is, more importantly, it marks a pivotal evolution in how American regulators are approaching consumer privacy enforcement.
The facts are
New Jersey’s proposed privacy rules include some surprises
On June 2, 2025, the New Jersey Attorney General’s Division of Consumer Affairs released proposed rules (57 N.J.R. 1101(a)) pursuant to the New Jersey Data Privacy Act (N.J.S.A. 56:8-166.4 et seq.). Although the proposed rules have many similarities to California’s
FTC’s COPPA Rule changes include AI training consent requirement
The Federal Trade Commission has published a Final Rule relating to changes in the Children’s Online Privacy Protection Act (“COPPA”) regulations, which will go into effect on Monday, June 23, 2025. The final Rule generally provides 365 days from the
NT Analyzer can help determine “data broker” status under the new Bulk Data Transfer requirements
Even if your business only sells goods or services in the U.S., your business may be a “data broker” under the new bulk data regulations, according to an April 11, 2025 Compliance Guide issued by the U.S. Department of Justice
North Dakota law heightens data security requirements for some financial institutions
Background
On January 7, 2025, North Dakota’s House Industry, Business, and Labor Committee introduced HB 1127, at the request of the Department of Financial Institutions. HB 1127 successfully passed through both legislative chambers and was signed into law by the
New York Attorney General, personal data, and SHIELD Act
On March 20, 2025, the New York Attorney General (“NYAG”) announced a settlement with Ohio-based Root Insurance, regarding privacy practices relating to its auto insurance online quoting tool. As part of the settlement, Root agreed to pay $975,000 and to