Discussing how privacy issues intersect with a company’s growth goals and how they permeate the organization is key to having a strong privacy policy and earning consumer trust, said TrustArc executives during a Tuesday webinar the compliance vendor hosted.

Whether to use an internal or external auditor to comply with new California Privacy Protection Agency (CPPA) rules depends on the company, said Woods Rogers cybersecurity attorney Patrick Austin in an IAPP analysis posted Tuesday. “There is no one right choice that applies to all businesses.”

The variety in privacy laws and standards give companies some flexibility in how consent banners are displayed on their websites, said panelists during an IAPP webinar Tuesday. But they cautioned that teams throughout an organization must understand how trackers operate on the site and what data is collected.

Safety by design is the core element to ensuring kids remain safe online while also protecting their privacy and rights, a Public Knowledge paper argues (see 2509050046). More research is needed concerning tangible harms, panelists said during a discussion Monday about the paper.

Though using age assurance to access certain online platforms and websites is the route policymakers frequently take hoping to protect children online, it can end up doing more harm than good, multiple privacy organizations said in recent papers and blog posts.

Businesses defending themselves against charges under the California Invasion of Privacy Act (CIPA) sometimes find that exclusions and limitations in their insurance policies for cyber or commercial general liability (CGL) leave them exposed, attorney Kathryn Rattigan said in a blog post Thursday. For CIPA claims, her key takeaway is "don’t assume your insurance will cover [a] privacy lawsuit," the Robinson+Cole lawyer added.

Congress should pass a federal privacy law that preempts state measures, NetChoice said Thursday in a series of policy recommendations for lawmakers at both levels as the tech association issued its "Digital Safety Shield for America."

Data minimization is an evolving regulatory landscape that is garnering increased awareness lately as trust and transparency become more of a focus for organizations and data breaches highlight the impact of having extra data, said panelists during a webinar hosted by compliance vendor TrustArc on Thursday.

Consumers are unlikely to protect themselves against privacy dark patterns, so legislation and regulation is needed, according to a paper published Wednesday in the University of New Hampshire Law Review. “This paper strongly suggests that dark patterns do prompt consumers to surrender more privacy than they otherwise would.”

Successful privacy professionals make the most of limited resources, BlueSky Privacy CEO Teresa Troester-Falk said in an IAPP opinion piece Thursday.