Shadow AI remains a significant challenge for businesses, said panelists during a Practising Law Institute webinar Monday. They discussed an IBM Cost of a Data Breach 2025 report that focused on the problem of employees using AI platforms that aren't sanctioned by the workplace.
The U.S. Supreme Court’s decision to forego reviewing a Video Privacy Protection Act (VPPA) case means questions and conflicting rulings on the statute will remain unsettled, leaving businesses in a lurch, David Krueger, privacy litigator at Benesch, told Privacy Daily Monday.
The modest fine of $56,000 that California Privacy Protection Agency’s (CalPrivacy) assessed against a company recently for failing to register as a data broker (see 2512030029) “may be the last penalty we see of this size,” said Dentons privacy attorney Dalton Cline, who sees several factors increasing monetary burdens on violators in the future.
The Department of Homeland Security has unlawfully made changes to a system containing the personal information of citizens and non-citizens that allows government agencies to check immigration status and enable voter roll purges, a coalition of advocacy groups said this week.
The California Privacy Protection Agency (CalPrivacy) fined Nevada-based marketing firm ROR Partners $56,000 for its failure to register as a data broker, in violation of the state's Delete Act. The agency's Data Broker Enforcement Strike Force brought the fine. Part of the Enforcement Division, the Strike Force was announced in November (see 2511190041).
DOJ's filing of six lawsuits against states on Tuesday “escalate an unprecedented effort to collect sensitive voter information" from them in what is potentially a violation of the Privacy Act of 1974, Tim Harper, senior policy analyst of elections and democracy at the Center for Democracy and Technology (CDT) told us. In a statement to Privacy Daily, Rhode Island Attorney General Peter Neronha (D) condemned the suits as the "weaponization" of the DOJ, which also sued California in September for refusing to give up its voter rolls (see 2512020022).
Possible federal preemption of state laws and concerns about whether the FTC has the bandwidth to enforce new kids’ privacy and safety measures came up frequently during a hearing Tuesday of the House Commerce Committee subcommittee on Commerce, Manufacturing and Trade. The session was meant to discuss nearly 20 kids’ privacy and safety bills (see 2511250080).
Industry and consumer advocates have weighed in on nearly 20 kids privacy and safety bills set for a subcommittee hearing Tuesday in the House Commerce Committee (see 2511250080). In written testimony posted over the weekend, some witnesses additionally warned the lawmakers against inadvertently weakening privacy protections in an effort to promote online safety.
Days after the Electronic Frontier Foundation (EFF) announced a lawsuit against the city of San Jose for using Flock Safety’s automated license plate readers (ALPRs) to conduct location searches without obtaining a warrant (see 2511190008), the organization released research on how the technology is used for surveillance.
A Nov. 6 joint settlement between three states and software company Illuminate Education over a data breach that exposed students' information highlights regulators' focus on protecting minors’ data, said privacy pros and an attorney in interviews. In addition, the incident and settlement show that no matter what sector a breach occurs in, the principles of information security are similar, the attorney said.