Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a reminder of the information security programs that are expected to be in place.
Eye On Privacy
Timely Updates and Analysis on Privacy and Cybersecurity Issues
Blog Authors
Latest from Eye On Privacy
Arkansas’ Kids Social Media Law: Another One Bites the Dust
Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from enforcing the law. It was a modified version of Arkansas’ 2023 SB 396, that was also…
Auto Insurer Settles With New York AG Over Insurance Application Platform Security Issues
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers by exploiting a website error on its car insurance application portal. Namely, upon entering a publicly available name and address, the site…
US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms
Virginia’s Governor, Glenn Youngkin, vetoed a bill this week that would have regulated “high-risk” artificial intelligence systems. HB 2094, which narrowly passed the state legislature, aimed to implement regulatory measures akin to those established by last year’s Colorado AI Act. At the same time, Colorado’s AI Impact Task Force issued concerns about the…
SEC Creates New Tech-Focused Enforcement Team
On February 20, the SEC announced the creation of its Cyber and Emerging Technologies Unit (CETU) to address misconduct involving new technologies and strengthen protections for retail investors. The CETU replaces the SEC’s former Crypto Assets and Cyber Unit and will be led by SEC enforcement veteran Laura D’Allaird.…
Utah Pioneers App Store Age Limits
Utah’s governor recently signed the first law which puts age restrictions on app downloads. The law (the App Store Accountability Act, SB 142), was signed yesterday (Wednesday, March 26, 2025). We anticipate that the law may be challenged, similar to NetChoice’s challenge to the Utah Social Media Regulation Act and other similar state…
Oregon’s Privacy Law: Six Month Update, With Six Months to End of Cure Period
Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report in February of last year to assess how consumers and businesses were responding to its privacy law.…
New York AG Settles with School App
The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that assists students with tracking their calendars and events. It also includes connection and social networking features and displayed…
New Ohio Transparency Pricing Rules for Hospitals Comes with Limits to Targeted Advertising
Starting April 3, Ohio hospitals will have to navigate new requirements under House Bill 173. This law mandates greater transparency in healthcare pricing. It also includes rules for selling or targeted advertising related to personal information hospitals collect from price estimator tools (discussed in more detail below). The law applies to hospitals in Ohio,…
Common Privacy Pitfalls in M&A Deals
By Liisa Thomas & Snehal Desai
Many expect that deal activity will increase in 2025. As we approach the end of the first quarter, it is helpful to keep in mind privacy and data security issues that can potentially derail a deal. We discussed this in a webinar last week, where we highlighted issues from the buyer’s perspective. We recap the…