Several state attorneys general (AGs) and the Federal Trade Commission (FTC) have begun scrutinizing ancestry tracking company 23andMe following its recent announcement that it has filed for Chapter 11 bankruptcy. As part of...more
4/7/2025
/ 23andMe ,
Bankruptcy Court ,
Biometric Information ,
Chapter 11 ,
Commercial Bankruptcy ,
Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Protection ,
DNA ,
Federal Trade Commission (FTC) ,
Genetic Materials ,
Popular ,
Privacy Concerns ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
As one of her last acts in office, on December 24, 2024, Oregon Attorney General (AG) Ellen Rosenblum issued guidance for businesses deploying artificial intelligence (AI) technologies. The guidance highlights the risks...more
1/13/2025
/ Artificial Intelligence ,
Bias ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Discrimination ,
Machine Learning ,
Oregon ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
New York Attorney General (AG) Letitia James and global movie theater operator National Amusements, Inc. (National) settled a lawsuit stemming from a 2022 data breach reported by National, which affected 82,128 National...more
12/9/2024
/ Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Movie Theaters ,
Penalties ,
Personally Identifiable Information ,
Settlement ,
State Attorneys General
In an unusual move, attorneys general (AG) from 30 states and the District of Columbia filed a bipartisan amicus brief in the Ninth Circuit supporting efforts to revive a proposed class action against payment processor...more
7/25/2024
/ Amicus Briefs ,
Class Action ,
Data Collection ,
Data Privacy ,
Data Protection ,
Financial Services Industry ,
Internet Retailers ,
Payment Processors ,
Personal Jurisdiction ,
Personally Identifiable Information ,
Shopify ,
State Attorneys General ,
Unfair Competition Law (UCL)
Similar to other state consumer data protection acts enacted over the past two years, the Colorado Privacy Act (CPA) allows Colorado consumers to opt out of the sale of personal data and the processing of such data for...more
12/5/2023
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Colorado ,
Comment Period ,
Data Collection ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Public Comment ,
State Attorneys General ,
State Data Privacy Laws
Rutters, a prominent grocery chain in Pennsylvania with 80 locations statewide, settled a data breach investigation with Attorney General (AG) Michelle Henry’s office by agreeing to pay $1 million and to implement certain...more
10/19/2023
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Grocery Stores ,
Pennsylvania ,
Personal Information ,
Regulatory Oversight ,
State Data Breach Notification Statutes ,
State Data Privacy Laws
State Attorneys General (AGs) uniquely wield power to enforce the law, direct policy, and effectuate political goals. Exercising their civil prosecutorial authority, State AGs have redefined priorities of paramount concern to...more
On June 12, a bipartisan group of 23 attorneys general wrote a letter to the chief counsel for the National Telecommunications and Information Administration (NTIA), recommending a risk-based approach to a regulatory...more
Drawing from her experience investigating and prosecuting businesses in the aftermath of cybersecurity breaches, New York Attorney General Letitia James released a guide to help companies implement effective data security...more
On March 15, Colorado Attorney General Phil Weiser recorded the final version of the Colorado Privacy Act (CPA) Rules, granting Coloradans rights over their own personal data. Effective July 1, the CPA marks the third state...more
On January 27, California Attorney General Rob Bonta announced an “investigative sweep” of businesses with mobile applications for allegedly failing to comply with the California Consumer Privacy Act (CCPA). This ongoing...more
In January 2023, New York Attorney General Letitia James sent a letter to Madison Square Garden Entertainment Corporation (MSG), seeking information about its use of facial recognitional technology to prohibit ticketholders...more
In addition to a night of revelry, the 2023 new year will trigger the many new privacy mandates in the Virginia Consumer Data Protection Act (VCDPA) for businesses operating in Virginia — only the second state with active...more
Editor’s Note: This past month featured increased activity in privacy and data protection. U.S. Legislation and Regulation. Connecticut’s governor signed a comprehensive privacy bill, and President Biden has before him a bill...more
Seven state attorneys general, led by New York Attorney General Letisha James, reached a settlement with Residual Pumpkin Entity LLC (formerly known as CafePress LLC) (“CafePress”), related to a 2019 data security incident,...more
Late last month, a coalition of 28 attorneys general announced a $5 million multistate settlement with Tennessee-based Community Health Systems, Inc. (CHS), stemming from the 2014 data breach that involved the personal...more