With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
There has been a quiet shift recently where state privacy enforcement is often aided behind the scenes by private law firms, according to a Tuesday blog post from Frankfurt Kurnit attorneys. These firms typically develop the case and can even appear in the final complaint filed in court, lawyers Daniel Golberg and Holly Melton wrote.
States should amend comprehensive privacy laws to remove loopholes for consumer reporting agencies (CRAs), the Electronic Privacy Information Center (EPIC) said in a white paper released Tuesday.
Age-verification vendors weren't "surprised" by attempts to circumvent proof-of-age mechanisms once the U.K. Online Safety Act (OSA) rules took effect Friday, Age Verification Providers Association Executive Director Iain Corby told us Tuesday.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.
The California Privacy Protection Agency (CPPA fined Washington-based Accurate Append $55,400 for failing to register as a data broker and pay the annual fee required by the state’s Delete Act. The company failed to register by the Jan. 31, 2024 deadline for its 2023 activities, and only registered after the Enforcement Division contacted Accurate Append, the CPPA alleged.
Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
Texas investigated data practices of more than 200 companies and issued “dozens of privacy violation notices” under the Texas Data Privacy and Security Act during the past year, said Attorney General Ken Paxton (R) in a Monday press release touting his office’s privacy accomplishments.