In a landmark decision, the Georgia Supreme Court has expanded the Georgia Open Records Act (the Act) to include private businesses and contractors working with state and local government entities. The ruling in Milliron v. Antonakakis clarifies that public records held by nongovernment entities are subject to the same transparency requirements as government agencies. Consequently, businesses in sectors like construction, IT, health care, and consulting must navigate the Act’s complexities to avoid liability. This article explores the court’s decision and offers practical steps for compliance. For more insights, listen to our latest Regulatory Podcast episode, “Unveiling the Impact: How Georgia’s Open Records Act Affects Private Businesses.”
State Privacy Law
Restrictions on Paying a Ransom Demand
Dear Mary,
Which states now have statutory laws prohibiting payment of ransom following a data security breach? Are there others working on such legislation, to your knowledge?
– Dick Clarke (But Not the New Year’s Eve Guy)
NJ Charges Into 2024 With New Privacy Law
On January 16, New Jersey became the first state this year to enact a comprehensive privacy law, S332, which applies to businesses conducting operations in the state or targeting its residents. As noted in this article by our privacy team, similar to other state comprehensive privacy laws, S322 grants consumers the right to confirm, correct, delete, obtain a copy of their personal data, and opt out of its processing for targeted advertising, sale, or profiling. Controllers and processors are obligated to limit data collection, establish security practices, and provide a privacy notice. They are also required to conduct a data protection assessment for processing activities that pose a heightened risk of harm to consumers. The New Jersey Attorney General’s Office has exclusive authority to enforce violations, treating them as “unlawful practices” under the New Jersey Consumer Fraud Act. The law takes effect on January 16, 2025, with an 18-month grace period for organizations to correct violations before enforcement actions are taken.