-
2 days ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
Montana’s privacy law has received a refresh and updates will go into effect October 1, 2025 – exactly one year since the law took effect. The law was modified with SB 297, and changes include coverage, approach with minors, and more: Broadening who is covered. Previously, Montana’s privacy law applied only to those controlling or processing the personal data of at least 50,000 Montanans.
-
1 month ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
[co-author: James O'Reilly*]Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the changes will take effect January 1, 2026. Courts have struck down similar laws in other states (see our posts about those in Arkansas, California, and Utah) and thus opposition seems likely here as well.
-
1 month ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
The Belgian Data Protection Authority recently ruled that a Belgian government entity, FPS Finance, cannot transfer the personal data of “accidental Americans” to the IRS. According to the decision, the transfers needed to cease for several reasons. The case was brought by a dual US-Belgian citizen, who, while a US citizen by birth, did not reside in the US or otherwise have any significant connections to the US (i.e., an “accidental American”).
-
1 month ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
[co-author: James O'Reilly]*The FTC’s settlement with Cleo AI gives some indication as to what we might see from the agency in the coming months. The FTC alleged, among other things, that Cleo AI’s actions violated Section 5 of the FTC Act. In particular, as reported in our sister blog, Cleo AI required people to enroll in a paid subscription plan, even though they marketed their services as free.
-
2 months ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
[co-author: James O'Reilly*]Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a reminder of the information security programs that are expected to be in place.
-
2 months ago | 
openlegalblogarchive.org | Liisa M. Thomas |Kathryn Smith
Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a reminder of the information security programs that are expected to be in place.
-
2 months ago | 
lexology.com | Liisa M. Thomas |Kathryn Smith |James O'Reilly
Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a reminder of the information security programs that are expected to be in place.
-
2 months ago | 
jdsupra.com | Kathryn Smith |Liisa M. Thomas
Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from enforcing the law. It was a modified version of Arkansas’ 2023 SB 396, that was also blocked. The plaintiff in both challenges was NetChoice, a group familiar to anyone following kids’ social media laws.
-
2 months ago | 
openlegalblogarchive.org | Liisa M. Thomas |Kathryn Smith
Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from enforcing the law. It was a modified version of Arkansas’ 2023 SB 396, that was also blocked. The plaintiff in both challenges was NetChoice, a group familiar to anyone following kids’ social media laws.
-
2 months ago | 
mondaq.com | Liisa M. Thomas |Kathryn Smith |James O'Reilly
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Companyfollowing a 2021 data incident. According to the AG, the threatactors obtained people's drivers' license numbers byexploiting a website error on its car insurance application portal. Namely, upon entering a publicly available name and address, thesite would generate a prefilled PDF that included that person'sdrivers' license number, which numbers were pulled fromthird-party databases.
