This article was originally published on August 4, 2025 on Law360 and is republished here with permission.
The digital age presents a complex challenge: protecting children online while also allowing free speech to continue to be a thriving marketplace of ideas.
Ashley Taylor, Clayton Friedman, Gene Fishel, and Jay Myers of Troutman Pepper Locke LLP discuss actions by state attorneys general under existing and AI-specific laws to address misuse and legal violations of AI.
State attorneys general (AGs) continue to play a pivotal role as innovators, shaping the regulatory environment by leveraging their expertise and resources to influence policy and practice. The public-facing nature of AG offices across the U.S. compels them to respond to constituent concerns on abbreviated timetables. This political sensitivity, combined with the AGs’ authority to address both local and national issues, underscores their significant influence in the current regulatory environment.
Published in Law360 on January 22, 2025. © Copyright 2025, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.
In the first installment of this two-part article, state attorneys general across the U.S. took bold action in 2024 to address what they perceived as unlawful activities by corporations in several areas, including privacy and data security, financial transparency, children’s internet safety, and other overall consumer protection claims.
In a landmark decision, the Georgia Supreme Court has expanded the Georgia Open Records Act (the Act) to include private businesses and contractors working with state and local government entities. The ruling in Milliron v. Antonakakis clarifies that public records held by nongovernment entities are subject to the same transparency requirements as government agencies. Consequently, businesses in sectors like construction, IT, health care, and consulting must navigate the Act’s complexities to avoid liability. This article explores the court’s decision and offers practical steps for compliance. For more insights, listen to our latest Regulatory Podcast episode, “Unveiling the Impact: How Georgia’s Open Records Act Affects Private Businesses.”
Dear Mary,
Which states now have statutory laws prohibiting payment of ransom following a data security breach? Are there others working on such legislation, to your knowledge?
– Dick Clarke (But Not the New Year’s Eve Guy)
On January 16, New Jersey became the first state this year to enact a comprehensive privacy law, S332, which applies to businesses conducting operations in the state or targeting its residents. As noted in this article by our privacy team, similar to other state comprehensive privacy laws, S322 grants consumers the right to confirm, correct, delete, obtain a copy of their personal data, and opt out of its processing for targeted advertising, sale, or profiling. Controllers and processors are obligated to limit data collection, establish security practices, and provide a privacy notice. They are also required to conduct a data protection assessment for processing activities that pose a heightened risk of harm to consumers. The New Jersey Attorney General’s Office has exclusive authority to enforce violations, treating them as “unlawful practices” under the New Jersey Consumer Fraud Act. The law takes effect on January 16, 2025, with an 18-month grace period for organizations to correct violations before enforcement actions are taken.