The Consumer Financial Protection Bureau (CFPB) announced this week that it intends to increase the scrutiny on data brokers to better protect service members, law enforcement officials, domestic violence victims, senior...more
Last week, the California Privacy Protection Agency (CPPA) announced settlements with two data brokers, Growbots, Inc. and UpLead LLC, for failure to register and pay the fees required of a data broker under the California...more
While California was the first state to implement a comprehensive consumer privacy rights law and the first to bring an enforcement action for violations, Texas is quickly becoming the next privacy regulator to watch. The...more
During the California Privacy Protection Agency’s (CPPA) meeting on November 8, 2024, it voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. The CPPA’s rulemaking related...more
Oak Valley Hospital, located in Oakdale, California, reached a settlement in a class action related to a 2023 data breach. On July 18, 2023, Oak Valley detected suspicious activity on its IT systems. Pursuant to the forensic...more
Last week, the California Privacy Protection Agency (CPPA) announced it will conduct a public investigative sweep of data broker registration compliance under the California Delete Act....more
11/8/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Protection ,
Data Sellers ,
Government Investigations ,
Information Technology ,
Personal Information ,
Registration Requirement ,
Regulatory Oversight
Elemetal LLC faces a data breach class action resulting from its alleged failure to implement appropriate security measures, which led to a 2023 breach of approximately 13,000 customers’ personal information. Elemetal is a...more
On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state...more
This week, the Securities and Exchange Commission (SEC) charged four public companies for alleged deceptive cyber disclosures: Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited....more
As we outlined in our previous blog article, California recently became the second state to enact a law safeguarding consumer brain data, following a similar law passed by Colorado in April. Both state laws prevent the sale...more
Ally Financial Inc., a digital financial services company, faces two class action lawsuits in the U.S. District Court for the Western District of North Carolina related to an April 2024 data breach. The suits allege that Ally...more
This week, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, Marriott) agreed to settle on the terms of a settlement order with the Federal Trade Commission (FTC) for its...more
Last week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected...more
On Tuesday this week, Montana’s new consumer protections law took effect, joining many other states with similar consumer privacy rights legislation....more
Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy...more
The recent enforcement activities of the newest federal strike force serve as a warning to U.S. manufacturers and other businesses involved in the export of products that the government is doubling down on prosecuting trade...more
9/27/2024
/ Compliance ,
Criminal Prosecution ,
Cybersecurity ,
DOJ Strike Force ,
Economic Sanctions ,
Enforcement Actions ,
Export Control Reform Act (ECRA) ,
Export Controls ,
Exporters ,
Exports ,
Indictments ,
Manufacturers ,
Popular ,
Technology
Should kids be on social media? At what age? Should parents monitor their conversations on those platforms? Do parental controls work? These are questions facing many parents and guardians, especially with the increasing use...more
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a...more
Last week, the U.S. Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) that would require a Cybersecurity Maturity Model Certification (CMMC) program to become...more
This week, the New York Attorney General issued two privacy guides—one for businesses and one for consumers—outlining online tracking and privacy controls for websites and browsers....more
This week, Ken Paxton, the Texas Attorney General, filed suit against General Motors for alleged violations of the Texas Deceptive Trade Practices Act in collecting and selling drivers’ data to insurers without consumer...more
Candid Color Systems Inc., based in Oklahoma, faces a class action lawsuit for its alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Candid Colors offers marketing services to photographers,...more
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the...more
8/9/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Colorado ,
Discrimination ,
Machine Learning ,
Risk Assessment ,
Risk Mitigation ,
Risk-Based Approaches ,
State Legislatures
Last week, Illinois Governor JB Pritzker signed S.B. 2979 to amend the Biometric Information Privacy Act (BIPA) immediately to define the repeated collection of the same biometric data without consent as a SINGLE, COLLECTIVE...more
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the...more