Stemming from Colorado’s Concerning Consumer Protections in Interactions with Artificial Intelligence Systems Act (the Act), which will impose obligations on developers and deployers of artificial intelligence (AI), the Colorado Artificial Intelligence Impact Task Force recently issued a report outlining potential areas where the Act can be “clarified, refined[,] and otherwise improved.”
The Task Force’s mission
Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could
The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their rights under the Oregon Consumer Privacy Act (OCPA) and encourages them to take control of their personal information.
The OCPA went
Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle Federal Trade Commission (FTC) allegations that it violated the Children’s Online Privacy Protection Act (COPPA) and deceived players about the cost of winning certain prizes.
On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring parents to opt [into] targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active
The California Attorney General published two legal advisories this week:
These advisories seek to remind businesses of consumer rights under the California Consumer Privacy Act, as amended by the
TikTok users are seeking alternate platforms to share and view content as the U.S. is set to ban the popular social media app on January 19, 2025. Instead of turning to U.S.-based companies like Facebook or Instagram, users are flocking to another Chinese app called Xiaohongshu, also known as RedNote. The app, which previously
At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established for protecting electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The updated
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer
American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from cyber criminals.
In September 2024, American Addiction Centers suffered a cyber-attack that led to the unauthorized access to sensitive personal information