SAN DIEGO -- Companies that want to avoid enforcement settlements and penalties should collaborate with state regulators during an investigation and whenever authorities are seeking information, officials from California, Colorado, Delaware and Indiana said during a panel at IAPP's privacy and security conference Thursday. The states are all members of the bipartisan Consortium of Privacy Regulators (see 2506020004).
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
SAN DIEGO – “Privacy should be easy” for businesses to implement and consumers to effectuate, said Tom Kemp, executive director of the California Privacy Protection Agency (CPPA), during the closing keynote at IAPP's privacy and security conference Friday. At a panel Thursday, other CPPA employees spoke about regulations aimed at making privacy and privacy rights easier.
23andMe Research Institute formed a privacy advisory board, it said Thursday. Members include Peggy Bodin, HCA Healthcare chief privacy officer; Fred Cate, an Indiana University professor and data strategy consultant; and Jonathan Zittrain, a Harvard University professor.
An appeal this week of an EU General Court ruling in a case that questioned the EU-U.S. Data Privacy Framework (DPF) will bring the issue to the European Court of Justice (ECJ) again, IAPP officials and privacy lawyers said Thursday. Euractiv reported French Parliament Member Philippe Latombe's appeal Wednesday. Latombe didn't immediately comment.
SAN DIEGO -- Sling TV is in violation of the California Consumer Privacy Act (CCPA) because the streaming platform's methods for consumers to opt out of sharing personal information are "confusing" and hard to effectuate, said Stacey Schesser, supervising deputy attorney general at the California DOJ.
SAN DIEGO -- In its fifth major enforcement action under the California Consumer Privacy Act (CCPA), the state's DOJ announced a $530,000 settlement with streaming platform Sling TV, which cited the company's complicated and confusing opt-out mechanisms (see 2510300040).
The California Privacy Protection Agency could have a decision from the state's Office of Administrative Law (OAL) on Delete Act regulations just in time for the CPPA board's Nov. 7 meeting.
No states have enacted new comprehensive privacy laws in 2025, so far, but “half of those with laws already on the books have made significant amendments to their scopes and requirements,” IAPP said Monday in releasing its revised report on state privacy laws. The report found that eight states updated their privacy laws in 2025: Colorado, Connecticut, Kentucky, Montana, Oregon, Texas, Utah and Virginia.
Meta is restructuring its compliance team and will maintain “high standards,” the company said Friday in response to reports that it’s laying off hundreds of employees and automating certain compliance tasks.
Consulting group Guidepost Solutions is growing its privacy practice, it said Tuesday. As part of the expansion, Chief Privacy Officer and Senior Managing Director Allison Spagnolo will take on the role of deputy general counsel. Matthew Corwin, who's worked at Guidepost since 2023, will also become deputy chief privacy officer and a managing director.