Photo of Blair Robinson (Law Clerk - Not yet admitted to practice)

Blair Robinson (Law Clerk - Not yet admitted to practice)

Retool, a software development firm offering modular code for customizable enterprise software, recently notified 27 customers that a threat actor had accessed their accounts. The attacker was able to navigate through multiple layers of security controls after taking advantage of an employee through an SMS-based phishing attack. The attacker then used this access to target

Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications

A growing number of states have enacted laws this year to study artificial intelligence (AI), ahead of possible legislative action to address expected threats to jobs, civil liberties, and property rights with the emerging technology. The specific goals of these committees have varied. For instance, Minnesota is studying how intelligence sharing with AI might enable

The Kids Online Safety Act (KOSA) of 2023 is circulating Congress with bipartisan support. According to bill sponsors Senator Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN), KOSA would require social media companies to develop enhanced parental controls for online platforms. 

Additionally, and much more controversially, KOSA creates a duty for online platforms to prevent and

State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact privacy laws to protect consumers due to the absence of a federal privacy law.

Under each of the acts summarized below, consumers will have the right to access their personal data, the right to correct inaccurate data, the right to data portability, the right to have their data deleted, and the right to opt out of targeted advertising of personal data. Businesses will be required to practice purpose limitation, maintain data security, get consumer consent for data processing, and complete regular data impact assessments. Businesses will be barred from discriminating against consumers who exercise their rights under the law and will be required to secure data processing agreements with service providers. Similarly, these laws each exclude financial institutions or their affiliates that are governed by, or personal data that is collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act ; state bodies/agencies; nonprofit organizations; institutions of higher education; national securities associations registered with the SEC; and covered entities or business associates as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Continue Reading Seven States Have Upcoming Privacy Laws 

The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer

X Corp (formerly Twitter) has cracked down on data scrapers in a series of lawsuits filed within the last several weeks. One lawsuit targets an Israel-based research firm that provides commercial data scraping, called Bright Data, for alleged unjust enrichment. Another targets The Center for Countering Digital Hate (CCDH), a UK nonprofit known for scraping

The California Privacy Protection Agency’s (CPPA) Enforcement Division is conducting a review of data privacy practices by connected vehicle manufacturers and related technologies. The CPPA, which was established by the 2018 California Privacy Rights Act, has been primarily focused on developing regulations. This investigation marks its first significant enforcement effort.

Connected vehicles, with features like

As modern companies are increasingly adopting AI systems to automate and augment their businesses, many legal and compliance departments have cautioned against fully embracing this new and untested technology. Successful companies will need to develop an approach that allows them to benefit from AI’s competitive advantage while mitigating their risk of litigation.

In response to

Tennessee, Montana, Iowa, and Indiana have each recently passed a consumer privacy statute in recent weeks. These laws follow the same trend started by California’s Consumer Privacy Act by granting consumers the right to know whether a company is processing their data; the right to access that data, obtain a copy, and to have it