U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard...more
Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been...more
5/23/2025
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dental Practice ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personal Information ,
Privacy Laws
In yet another reminder that California takes data privacy seriously, this month, the California Privacy Protection Agency (CPPA) fined Florida-based data broker Jerico Pictures, Inc. (d/b/a National Public Data) $46,000 for...more
AI service provider Serviceaide Inc. faces two proposed class action lawsuits from a data breach tied to Catholic Health System Inc., a nonprofit hospital network in Buffalo, New York. The breach reportedly exposed the...more
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making...more
The California Consumer Privacy Protection Agency (CPPA) Board issued a stipulated final order against Todd Snyder, Inc., a clothing retailer based in New York, requiring the company to pay a $345,178 fine and update its...more
Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels...more
In a big win for businesses, a California federal court just held that a “tester” plaintiff—someone who visits websites to initiate litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA)....more
Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses...more
This week, the California Privacy Protection Agency (CPPA) board held its April meeting to discuss the latest set of proposed regulations, including automated decision-making technology (ADMT) regulations. Instead of...more
California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and...more
The Pennsylvania State Education Association (PSEA) faces a class action resulting from a July 2024 data breach. The proposed class consists of current and former members of the union as well as PSEA employees and their...more
Last week, the California Privacy Protection Agency (CPPA) settled its first non-data broker enforcement action against American Honda Motor Co. for a $632,500 fine and the implementation of certain remedial actions....more
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting...more
Edison Electric Institute (EEI), an association that represents all U.S. investor-owned electric companies, petitioned the Federal Communications Commission (FCC) to permit calls and texts under the Telephone Consumer...more
A federal district court has denied a motion by Johnson & Johnson Consumer Inc. (JJCI) to dismiss a second amended complaint alleging it violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing...more
3/14/2025
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Illinois ,
Johnson & Johnson ,
Mobile Apps ,
Prior Express Consent ,
State Privacy Laws ,
Statutory Violations
The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete...more
3/7/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Beware of demand letters from plaintiffs’ attorneys for allegations of illegal use of pen registers, trap and trace pixels, and search bar pixels—why? This “trap and trace” litigation is a growing trend for plaintiffs’...more
2/28/2025
/ California ,
CIPA ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Demand Letter ,
Litigation Strategies ,
Privacy Laws ,
State Privacy Laws ,
Web Tracking ,
Wiretapping
Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as...more
2/21/2025
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Privacy Laws ,
Privacy Policy ,
State Privacy Laws ,
Web Tracking ,
Websites
Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.
NewsBank provides a database of archived news publications...more
2/21/2025
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Identity Theft ,
Personal Data ,
Personal Information ,
Privacy Laws
Stemming from Colorado’s Concerning Consumer Protections in Interactions with Artificial Intelligence Systems Act (the Act), which will impose obligations on developers and deployers of artificial intelligence (AI), the...more
Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This...more
1/31/2025
/ Automotive Industry ,
Connected Cars ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Manufacturers
The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their...more
Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle...more
On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring...more