California's recent enforcement action against Sling TV prolongs a trend of the state’s attorney general "staking out aggressive CCPA [California Consumer Privacy Act] compliance positions that require material operational changes beyond typical market practices,” McDermott Will privacy attorneys blogged Tuesday.
It’s clear DOJ is taking its data transfer rule seriously, given its newly released FAQ offering “substantial” financial reward for whistleblowers, Hogan Lovells attorney James Denvil said in a podcast about the Data Security Program released Thursday.
Aiming to stop a surge of litigation under New Jersey’s Daniel’s Law, state Sen. Gordon Johnson (D) introduced a bill this week to amend the legislation to protect the privacy of judges and other public servants. Atlas Privacy, which has sued many times as an assignee under Daniel’s Law, condemned the proposal Friday. However, a privacy lawyer who defends businesses welcomed the bill.
Canadian government privacy and information commissioners said schools and educational bodies there lacked proper contractor oversight and safeguards, exacerbating the harms for more than 5 million students and educators from the PowerSchool data breach late last year (see 2501220057). The Ontario and Alberta information and privacy commissioners Tuesday released the findings of their investigations into the late-December breach of the California-based edtech provider (see 2502110031).
The city of San Jose’s police department’s practice of using automated license plate readers (ALPRs) to conduct location searches without obtaining a warrant beforehand violates California's constitution, privacy advocates alleged in a lawsuit Tuesday. The suit also complained that the department holds drivers' data for a year.
The California Privacy Protection Agency will roll out a Data Broker Enforcement Strike Force to review industry compliance with the California Consumer Privacy Act (CCPA) and the Delete Act’s registration requirements, CalPrivacy said Wednesday.
Salesforce, TransUnion, Louis Vuitton and Qantas Airlines failed to protect the personally identifiable information (PII) of customers in a hub-and-spoke data breach this year, according to a class-action lawsuit filed against the companies earlier this month in U.S. District Court in San Francisco. Yet Salesforce told us Tuesday its network was not violated in the breaches.
A future U.S. Supreme Court ruling could limit the ability of attorneys general to issue investigative subpoenas or civil investigative demands (CIDs), a privacy lawyer and a consumer advocate said in interviews with Privacy Daily. As subpoenas and CIDs are foundational tools for attorneys general, restrictions on them could impact the number of enforcement actions, including privacy settlements, they said.
A Nebraska state court allowed a lawsuit against three health care providers to continue, ruling the state's charges that the companies violated its consumer protection and data security laws were sufficient, the attorney general said Thursday.
The Republican and Democratic attorneys general of Utah and North Carolina, respectively, announced an AI Task Force that will collaborate with the technology's developers, including Microsoft and OpenAI, to ensure it's safe for consumers, they said Thursday.