The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete Act. This settlement is part of the CPPA’s investigative initiative announced back in October 2024.
The Delete Act requires data brokers to register
Beware of demand letters from plaintiffs’ attorneys for allegations of illegal use of pen registers, trap and trace pixels, and search bar pixels—why? This “trap and trace” litigation is a growing trend for plaintiffs’ attorneys because they can leverage existing wiretap laws (particularly in California under the California Invasion of Privacy Act (CIPA)) to argue
Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.
NewsBank provides a database of archived news publications utilized by libraries, higher education institutions, and other organizations. NewsBank suffered a security incident affecting its employees’ personal information between June and July
Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively CCPA). What about a
Stemming from Colorado’s Concerning Consumer Protections in Interactions with Artificial Intelligence Systems Act (the Act), which will impose obligations on developers and deployers of artificial intelligence (AI), the Colorado Artificial Intelligence Impact Task Force recently issued a report outlining potential areas where the Act can be “clarified, refined[,] and otherwise improved.”
The Task Force’s mission
Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could
The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their rights under the Oregon Consumer Privacy Act (OCPA) and encourages them to take control of their personal information.
The OCPA went
Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle Federal Trade Commission (FTC) allegations that it violated the Children’s Online Privacy Protection Act (COPPA) and deceived players about the cost of winning certain prizes.
On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring parents to opt [into] targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active
The California Attorney General published two legal advisories this week:
These advisories seek to remind businesses of consumer rights under the California Consumer Privacy Act, as amended by the