Companies can learn practical lessons from common themes in recent enforcement actions and implementing those takeaways can help them stay ahead of evolving privacy requirements, said Quarles lawyers in a blog post Monday.
The FTC could improve cybersecurity standards by verifying the adequacy of companies' risk assessments, IAPP Cybersecurity Law Center Managing Director Jim Dempsey said in a post Friday.
The California Privacy Protection Agency (CPPA) filing a court petition to force Tractor Supply Co. to comply with an investigative subpoena Wednesday demonstrates its willingness to fight for privacy rights, consumer advocacy groups and other privacy professionals said.
Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.
Data privacy attorneys from Wiley on Monday offered a rundown on the process for responding to an FTC inquiry.
Meta violated the California Invasion of Privacy Act (CIPA) when it intentionally eavesdropped on users of the health app Flo Health and received sensitive data on users' menstrual cycles and reproductive health, said a federal jury decision Friday that was posted Monday. The plaintiffs alleged Flo transmitted their personal information without user consent to the social media platform and other third parties for commercial purposes.
Health app Flo Health reached a settlement Thursday in a case involving allegations that sensitive health information was shared with third parties without user consent. Earlier in July, Google, also a defendant in case 21-00757, said it reached a settlement with the plaintiffs (see 2507090063). No details were released in either settlement.
It’s important for organizations to “actively stay up to date” on DOJ’s sensitive data rule even though enforcement began on July 9, blogged Constangy Brooks lawyers on Thursday.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.