The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon.) Members include the Attorneys General from these states, as well as California’s privacy regulator (the CPPA).Continue Reading New Era of Collaboration? States Team Up to Coordinate on Privacy Laws

The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers in New Jersey, and some of its requirements overlap with new state “comprehensive” privacy laws. In particular, those laws’ requirements on automated decisionmaking. Those laws, however, typically do not apply in an employment context (with the exception of California). This New Jersey guidance (which mirrors what we are seeing in other states) is a reminder that privacy practitioners should keep in mind AI discrimination beyond the consumer context.Continue Reading New Jersey Discrimination Law Guide: Applicability of Existing Laws to AI Tools

Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15).Continue Reading Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025

New Jersey’s governor has signed into law the first US state comprehensive privacy law of 2024. It will go into effect January 16, 2025. For those keeping score, that puts New Jersey after Florida, Oregon, Texas (all July 1, 2024), Montana (October 1, 2024), Delaware, and Iowa (both January 1, 2025). But, before Indiana (January 1, 2026). (Visit this post for a more detailed recap).Continue Reading The Garden State Cultivates a Consumer Privacy Law – The First for 2024

EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals. As we previously reported, EyeMed entered into settlement with NYDFS over this breach in October of 2022. Continue Reading EyeMed Data Breach Multistate Settlement

The State Attorneys General in New York and New Jersey recently settled with four companies over alleged HIPAA noncompliance following phishing attacks. The New Jersey settlements were brought against three NJ-based cancer care providers after a phishing attack on several employees’ email accounts. That attack resulted in the unauthorized access of the PHI of 105,200 patients. Although the providers had implemented safeguards, the NJAG concluded that those measures were insufficient to protect against reasonably anticipated threats. In particular, the NJAG was concerned that an accurate and thorough risk assessment had not been conducted, nor was there sufficient employee training. As part of the settlement, the providers agreed to pay $425,000.
Continue Reading States Catch Health Care Entities Taking the Bait in Phishing Attacks