The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their rights under the Oregon Consumer Privacy Act (OCPA) and encourages them to take control of their personal information.

The OCPA went

On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring parents to opt [into] targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active

We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.

On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on

American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering

After the conclusion of the public comment period earlier this month, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA). The Act grants rights to Colorado consumers concerning their personal information, including the right to access, delete, and correct their personal data as well as the right to opt out of

The Consumer Financial Protection Bureau (CFPB) announced this week that it intends to increase the scrutiny on data brokers to better protect service members, law enforcement officials, domestic violence victims, senior citizens, and other populations from surveillance, doxing, fraud, and threats of violence when cyber threat actors purchase personal and financial information from data brokers

During the California Privacy Protection Agency’s (CPPA) meeting on November 8, 2024, it voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. The CPPA’s rulemaking related to AI runs parallel to the California Civil Rights Department’s push for its regulations related to AI.

The CPPA’s proposed regulations include details related to:

The city of Columbus, Ohio, announced on May 29, 2024, that a ransomware attack forced its systems offline. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and that it was working with law enforcement to investigate the incident.  The culprit behind the ransomware attack is reported to