Document Version: 1.0 | Last Updated: March 31, 2026
Scope: California, Florida, Tennessee, Wyoming, Michigan, Arkansas
Executive Summary
Lauth Investigations International and its Return Assets Division (RAD) are committed to handling personal data responsibly and in compliance with all applicable federal and state regulations. This document provides a comprehensive overview of data privacy regulations, unclaimed property finder laws, and data handling requirements across six U.S. states where we operate.
We handle sensitive personal data — including names, addresses, dates of birth, Social Security numbers, and financial account details — in the course of unclaimed property recovery services. This data is processed using internal systems, third-party tools, and AI-assisted technologies for analysis, communication, and claims processing.
Key Findings by State:
- California — Most comprehensive requirements (CCPA/CPRA). Data processing agreements required with all service providers. Automated decision-making technology regulations effective 2026.
- Florida — FIPA breach notification applies. Finders must be licensed professionals (attorneys, CPAs, or licensed PIs) registered with the Department of Financial Services.
- Tennessee — TIPA applies to qualifying businesses. NIST Privacy Framework safe harbor provides affirmative defense.
- Wyoming — No comprehensive privacy law. Breach notification requirements apply. 24-month waiting period for finder agreements.
- Michigan — No comprehensive privacy law currently enacted (SB 359 pending). Finders must register with the Department of Treasury. 24-month waiting period.
- Arkansas — No comprehensive privacy law. Finder fees capped at 10%. 24-month waiting period. Fee violations referred to Attorney General.
1. Federal Baseline Requirements
1.1 FTC Act, Section 5
The Federal Trade Commission Act prohibits unfair or deceptive acts or practices in or affecting commerce (15 U.S.C. Section 45). This includes requirements related to AI-generated content disclosure, algorithmic fairness, and truthful representations about data handling practices.
1.2 Gramm-Leach-Bliley Act (GLBA)
The GLBA applies to institutions significantly engaged in financial activities. We implement GLBA-level safeguards as best practice for handling sensitive financial data, including maintaining a written information security program, identifying and assessing risks, implementing safeguards, and overseeing service providers.
1.3 Telephone Consumer Protection Act (TCPA)
The TCPA restricts automated telephone calls, text messages, and fax communications. Prior express written consent is required for marketing calls/texts to cell phones using auto-dialers, and Do-Not-Call list compliance is maintained at all times.
2. California (CCPA/CPRA)
Primary Law: California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code Sections 1798.100-1798.199.100)
Personal Information We Collect
Under California law, “personal information” includes information that identifies, relates to, or could reasonably be linked to a particular consumer or household. “Sensitive personal information” includes Social Security numbers, financial account numbers, and other heightened-protection categories.
Third-Party Service Providers
When sharing personal information with service providers (including AI-assisted tools and cloud services), we maintain written contracts that:
- Restrict use of data to specific authorized business purposes
- Prohibit selling, retaining, or using the data outside the contract scope
- Require the same level of privacy protection as required under CCPA
- Grant us the right to audit compliance
- Require notification if the provider can no longer meet its obligations
Your Rights (California Residents)
- Right to know what personal information is collected and how it is used
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information
- Right to limit the use of sensitive personal information
- Right to non-discrimination for exercising your rights
AI and Automated Decision-Making
We use AI-assisted tools to support claims processing, identity verification, and document analysis. California’s Automated Decision-Making Technology (ADMT) regulations require risk assessments and disclosure when AI is used for significant decisions. We comply with all applicable ADMT requirements, including pre-use notices and opt-out mechanisms where required.
3. Florida
Primary Laws: Florida Information Protection Act (FIPA), Fla. Stat. Section 501.171; Florida Deceptive and Unfair Trade Practices Act (FDUTPA)
Data Security
We take reasonable measures to protect and secure personal information in electronic form as required by FIPA. Third-party agents contracted to maintain, store, or process personal information on our behalf are also subject to FIPA requirements and must notify us immediately upon discovering any breach.
Professional Licensing
Florida requires all unclaimed property claimant representatives to be licensed attorneys, certified public accountants, or licensed private investigators registered with the Department of Financial Services. All Lauth representatives operating in Florida maintain proper licensing and registration.
Breach Notification
In the event of a security breach affecting personal information, we will notify affected individuals and the Florida Department of Legal Affairs as required by FIPA, within 30 days of determining a breach has occurred.
4. Tennessee
Primary Law: Tennessee Information Protection Act (TIPA), T.C.A. Sections 47-18-3201 et seq., effective July 1, 2025
Data Processing
Where TIPA applies, we maintain written contracts with all data processors governing data processing activities. Processors are required to ensure confidentiality, delete or return data upon contract termination, and cooperate with compliance obligations.
Your Rights (Tennessee Residents)
- Right to confirm processing and access your personal information
- Right to correct inaccuracies
- Right to delete your personal information
- Right to obtain a portable copy of your data
- Right to opt out of targeted advertising, profiling, or sale of personal information
NIST Framework Compliance
We maintain a written privacy program that conforms to the NIST Privacy Framework, providing the affirmative defense recognized under Tennessee law.
5. Wyoming
Primary Law: Wyoming Data Breach Notification Law, W.S. Sections 40-12-501 through 40-12-509
Wyoming does not currently have a comprehensive consumer privacy law. We comply with Wyoming’s breach notification requirements and Consumer Protection Act provisions. All finder agreements comply with the 24-month waiting period after property delivery to the state, and agreements are maintained in writing as required for enforceability.
6. Michigan
Primary Law: Michigan Identity Theft Protection Act (ITPA), MCL 445.61 through 445.79c
Michigan does not currently have a comprehensive consumer privacy law (the Personal Data Privacy Act, SB 359, is pending). We comply with Michigan’s Identity Theft Protection Act for breach notification and maintain registration with the Michigan Department of Treasury as required for unclaimed property locators. The 24-month waiting period for finder agreements is strictly observed.
7. Arkansas
Primary Law: Arkansas Personal Information Protection Act (PIPA), Ark. Code Sections 4-110-101 through 4-110-108
Arkansas does not currently have a comprehensive consumer privacy law. We comply with PIPA’s requirements for reasonable security measures and breach notification (45-day notification timeline). Finder fees are capped at 10% as required by Arkansas law, and the 24-month waiting period after property delivery to the Auditor of State is strictly observed.
8. How We Use Technology and AI
Lauth Investigations uses technology-assisted tools, including artificial intelligence, to help identify potential property owners, process claims, verify identities, and prepare correspondence. All AI-assisted communications are reviewed by our team members before delivery.
Our Commitments
- Data Processing Agreements: All AI tool vendors are bound by written agreements restricting data use to authorized purposes only
- No Model Training: We prohibit our vendors from using claimant data to train AI models or improve services beyond the contracted purpose
- Data Minimization: We send only the minimum data necessary for each processing task
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication on all systems containing personal data
- Human Review: AI-generated outreach and communications are reviewed by qualified team members before sending
9. State-by-State Compliance Summary
| Requirement | CA | FL | TN | WY | MI | AR |
|---|---|---|---|---|---|---|
| Comprehensive Privacy Law | CCPA/CPRA | FDBR ($1B+) | TIPA | None | Pending | None |
| Privacy Notice Required | Yes | No | Yes | No | No | No |
| Consumer Opt-Out Rights | Yes | No | Yes | No | No | Yes (sale) |
| Service Provider Contracts Required | Yes | Best Practice | Yes | Best Practice | Best Practice | Best Practice |
| AI Disclosure Required | Yes (ADMT) | Partial | Profiling opt-out | No | No | No |
| Breach Notification Law | Yes | Yes (FIPA) | Yes | Yes | Yes (ITPA) | Yes (PIPA) |
| Finder Registration Required | No | Yes (licensed PI) | No | No | Yes ($1,200) | No |
| Finder Fee Cap | 10% | 15-25% | 10% | None | None | 10% |
10. Contact Us
If you have questions about our data handling practices or wish to exercise your privacy rights, please contact us:
Lauth Investigations International
Indianapolis, Indiana
Phone: (317) 951-1100
Website: lauthinvestigations.com/contact
This policy overview is provided for informational purposes. It does not constitute legal advice. Laws and regulations change frequently; this document reflects the regulatory landscape as of March 31, 2026. For specific legal questions, please consult qualified legal counsel in the applicable jurisdiction.