On Monday, May 19, 2025, President Donald Trump signed the “Take It Down Act” into law. The Act, which unanimously passed the Senate and cleared the House in a 409-2 vote, criminalizes the distribution of intimate images of...more
Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as...more
A new study by Ivanti illustrates that one out of three workers secretly use artificial intelligence (AI) tools in the workplace. They do so for varying reasons, including “I like a secret advantage,” “My job might be...more
On April 21, 2025, the Oregon Department of Justice’s Privacy Unit reported a “big spike” in complaints about the Department of Government Efficiency (DOGE) in the first quarter of 2025....more
PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health...more
Becker’s Hospital Review reports that the Department of Government Efficiency (DOGE) “has access to sensitive information in 19 HHS databases and systems,” according to a court filing obtained by Wired. HHS provided the...more
4/25/2025
/ Data Collection ,
Data Privacy ,
Data Security ,
Department of Government Efficiency (DOGE) ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Employees ,
Federal Contractors ,
Government Agencies ,
Personal Data ,
Personal Information ,
PHI
Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include:
1.4 million complaints of...more
I have been getting a lot of texts that are clearly scams, and those around me have confirmed an increase in spammy texts.
According to an FTC Consumer Protection Data Spotlight, individuals lost over $470 million...more
Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit...more
In the ongoing saga of the 23andMe bankruptcy, Federal Trade Commission Chairman Andrew N. Ferguson recently sent a letter to the Trustee overseeing the 23andMe bankruptcy proceeding stating, “As Chairman of the Federal Trade...more
I am not sure what the rush was to make the JFK assassination files available, but the perceived urgency caused Social Security numbers of individuals involved in the investigation to be released to the public. Although The...more
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by...more
There are many factors to consider when assisting clients with assessing the use of artificial intelligence (AI) tools in an organization and developing and implementing an AI Governance Program. Although adopting an AI...more
If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more
A Microsoft blog post reported that incident response researchers uncovered a remote access trojan in November 2024 (dubbed StilachiRAT) that “demonstrates sophisticated techniques to evade detection, persist in the target...more
Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more
According to a new LayerX report, most users are logging into GenAI tools through personal accounts that are not supported or tracked by an organization’s single sign on policy. These logins to AI SaaS applications are...more
3/6/2025
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Machine Learning ,
Privacy Policy ,
Risk Management ,
Risk Mitigation ,
SaaS ,
Software
On February 21, 2025, a federal district court judge from the Southern District of New York issued a preliminary injunction against the Department of Government Efficiency’s (DOGE), access to Treasury Department payment...more
2/28/2025
/ Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Government Efficiency (DOGE) ,
Government Agencies ,
Payment Systems ,
Personal Data ,
Preliminary Injunctions ,
Sensitive Personal Information ,
State Attorneys General ,
U.S. Treasury
The Trump administration has systematically fired federal privacy- and security-focused employees since taking office.
Three members of the bipartisan, independent agency, the Privacy and Civil Liberties Oversight Board...more
2/28/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Government Efficiency (DOGE) ,
Employees ,
FOIA ,
Government Agencies ,
Office of Personnel Management (OPM) ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Risk Management ,
Trump Administration ,
Veterans
The Department of Government Efficiency’s (DOGE) staggering unfettered access to all Americans’ personal information is highly concerning. DOGE employees’ access includes databases at the Office of Personnel Management, the...more
2/21/2025
/ Consumer Privacy Rights ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Education ,
Department of Government Efficiency (DOGE) ,
Department of Health and Human Services (HHS) ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Privacy Laws ,
U.S. Treasury
The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more
Texas Attorney General Ken Paxton announced on February 14, 2024, that his office has opened an investigation into DeepSeek’s privacy practices. DeepSeek, an artificial intelligence company with ties to the People’s Republic...more
According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more
2/14/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Government Efficiency (DOGE) ,
Elon Musk ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Sensitive Personal Information ,
Trump Administration
New York, Texas, and Virginia are the first states to ban DeepSeek, the Chinese-owned generative artificial intelligence (AI) application, on state-owned devices and networks....more
2/14/2025
/ Artificial Intelligence ,
China ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Executive Orders ,
Information Technology ,
National Security ,
Popular ,
Privacy Laws ,
Social Media ,
Technology Sector
If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer...more