Should kids be on social media? At what age? Should parents monitor their conversations on those platforms? Do parental controls work? These are questions facing many parents and guardians, especially with the increasing use...more
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a...more
Last week, the U.S. Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) that would require a Cybersecurity Maturity Model Certification (CMMC) program to become...more
This week, the New York Attorney General issued two privacy guides—one for businesses and one for consumers—outlining online tracking and privacy controls for websites and browsers....more
This week, Ken Paxton, the Texas Attorney General, filed suit against General Motors for alleged violations of the Texas Deceptive Trade Practices Act in collecting and selling drivers’ data to insurers without consumer...more
Candid Color Systems Inc., based in Oklahoma, faces a class action lawsuit for its alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Candid Colors offers marketing services to photographers,...more
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the...more
8/9/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Colorado ,
Discrimination ,
Machine Learning ,
Risk Assessment ,
Risk Mitigation ,
Risk-Based Approaches ,
State Legislatures
Last week, Illinois Governor JB Pritzker signed S.B. 2979 to amend the Biometric Information Privacy Act (BIPA) immediately to define the repeated collection of the same biometric data without consent as a SINGLE, COLLECTIVE...more
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the...more
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized...more
7/25/2024
/ Cell Phones ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
FCC ,
Information Security ,
Settlement ,
Telecommunications ,
TracFone Wireless ,
Wireless Devices ,
Wireless Industry
Last month, multiple car dealerships and auto repair shops filed federal lawsuits against CDK Global LLC, a technology company providing software to the automotive, heavy truck, recreation, and heavy equipment industries, as...more
Minnesota was the nineteenth state to pass a comprehensive data privacy law, the Minnesota Consumer Privacy Act (H.F. 4757) (MCPA), which becomes effective on July 31, 2025.
While we continue to see more of these laws...more
The regulatory enforcement agency for the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA), the California Privacy Protection Agency (CPPA) announced additional...more
The Telephone Consumer Protection Act (TCPA) has not been updated in over 30 years. The Federal Communications Commission (FCC) has been asked by Congress to take “decisive action in addressing the escalating issue of...more
Following the Sephora and DoorDash enforcement actions, on June 18, 2024, the California Attorney General announced its third California Consumer Privacy Act (CCPA) enforcement action against Tilting Point Media LLC. Tilting...more
Last week Marriott Hotel Services was hit with a class action lawsuit for alleged violations of the Illinois’ Biometrics Information Privacy Act (BIPA). The lawsuit alleges that the hotel violated BIPA by requiring workers to...more
5/28/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
Hospitality Industry ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Statutory Violations
CYBERSECURITY -
CISA Issues Advisory on Black Basta Ransomware -
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that...more
5/17/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
NIST ,
Ransomware ,
Risk Mitigation
Last week, the Vermont legislature passed H. 121, the Vermont Data Privacy Act. This law will make Vermont the 18th state to grant consumers privacy rights similar to those under the California Consumer Privacy Act (CCPA). It...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/13/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Snapchat ,
Surveillance ,
TikTok
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/10/2024
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Social Media
This week, the Massachusetts Supreme Judicial Court (SJC) reviewed a lower court’s dismissal of gun-related indictments against Richard Dilworth, Jr., related to the state’s refusal to disclose the bitmojis and usernames it...more
CYBERSECURITY -
CISA + Partners Issue Alert for Protection of Water Systems, Dams, Energy + Food + Ag -
In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency...more
5/3/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Location Data ,
OCR
Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
Future LLC, a magazine and website publisher and owner of the TechRadar.com website, faces allegations that it collected website visitors’ IP addresses without consent in violation of the California Invasion of Privacy Act...more
4/26/2024
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
CIPA ,
Consumer Privacy Rights ,
Data Collection ,
Opt-Outs ,
Popular ,
Privacy Policy ,
Targeted Digital Advertising ,
Web Tracking ,
Websites
CYBERSECURITY -
New Threat: Scattered Spider International Coalition of Hackers -
Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected...more