Florida’s privacy lawsuit last week against Roku surprised some data-protection experts, since the state’s Digital Bill of Rights frequently carries an asterisk in lists of the 20 state comprehensive privacy laws -- if it’s included at all. In the aftermath, however, some privacy experts told Privacy Daily that they’re still not ready to add Florida to the list.
An Albany-based accounting firm will pay $60,000 to settle with New York state in a data breach case, the attorney general's office said Monday. The AG's office said that the firm, Wojeski & Co., failed to adequately protect client data and notify customers of breaches, which exposed more than 6,000 individuals' personal information during two cybersecurity incidents. The firm waited more than one year before it notified victims of the first data breach, the state office said.
States increased enforcement and coordination this year, privacy experts said Thursday during a webinar hosted by compliance vendor Ketch.
Existing laws, especially in the privacy space, should be relied on heavily when looking to regulate AI, said panelists during an AI and privacy conference hosted by the Practising Law Institute (PLI) Thursday.
Pension scheme support company Capita's failure to process personal data securely or effectively respond to a cyberattack earned it a fine of 14 million pounds ($18.7 million) from the U.K. ICO, the watchdog announced Wednesday. The fine was part of an agreed settlement in which Capita admitted liability and declined to appeal.
European DPAs will focus their next coordinated enforcement action on compliance with the GDPR's transparency and information requirements, the European Data Protection Board (EDPB) announced Tuesday. The push will launch in 2026.
Video-streaming box maker Roku “collected, sold and enabled reidentification of sensitive personal data” without receiving authorization or providing meaningful notice, the Florida attorney general’s office said Tuesday. AG James Uthmeier filed a complaint under Florida’s comprehensive privacy law and the Florida Deceptive and Unfair Trade Practices Act in the state’s 20th Judicial Circuit Court.
Age-restricted social media platforms are "on notice" that they must comply with Australia's strict minimum age scheme, which takes effect Dec. 10, Privacy Commissioner Carly Kind warned Friday.
The FCC appears unlikely to make any moves to enforce the data privacy rules approved under the Biden administration, which were recently upheld by the 6th U.S. Circuit Court of Appeals, industry experts said Friday. Last week, the panel that decided the case agreed to hold it in abeyance pending the FCC’s review of the 2023 order, as the agency requested. The panel ordered the FCC to file status reports every 60 days, with the first due Dec. 16.
OneTrust agrees that businesses shouldn't set and forget privacy compliance tools, amid increased scrutiny from regulators, said Ojas Rege, general manager of privacy and data governance. In an interview with Privacy Daily, Rege also said that a great amount of enforcement action is happening behind the scenes, without becoming public. In addition, the OneTrust official warned that “AI amplifies every single privacy and data governance gap you have in your organization.”