Indiana’s new Consumer Data Protection Act (CDPA) takes effect on January 1, 2026. It follows other state consumer privacy laws by providing consumers with rights related to the collection and processing of their information. On November 25, 2025, Indiana’s Attorney General issued a Consumer Data Protection Bill of Rights as “a tool to educate Hoosiers
Privacy Tip #466 – Consumer Reports Evaluate the Security of Connected Devices
In today’s increasingly digital world, connected devices are an integral part of daily life. From smart speakers and thermostats to fitness trackers and home security cameras, these devices offer convenience and automation—but they also present new privacy and security challenges. Recognizing the growing concern among consumers, Consumer Reports (CR) has undertaken comprehensive testing to evaluate…
NYDFS Issues Guidance on Third Party Risk Assessment + Mitigation
The New York Division of Financial Services (NYDFS) recently issued new cybersecurity guidance to assist covered entities in understanding and responding to the heightened risks posed by third party service providers (TPSP). NYDFS emphasized that covered entities must acknowledge and account for these risks and offer assistance in addressing them.
Based upon NYDFS’ enforcement activities…
AppLovin Faces SEC Scrutiny Over Alleged Data Practices
On October 6, 2025, Bloomberg reported that the Securities and Exchange Commission (SEC) has launched an investigation into AppLovin Corporation’s data-collection practices, following an alleged whistleblower complaint and a series of short-seller reports. We previously covered the shareholder class action against AppLovin in another blog post. The company is a mobile advertising technology business that…
OCR Settles with Cadia Healthcare for Alleged HIPAA Violations for $182,000
On September 30, 2025, the Office for Civil Rights of the Department of Health and Human Services (OCR) announced a settlement with Cadia Healthcare Facilities, a provider of rehabilitation, skilled nursing and long-term care services located in Delaware “for potential violations…of HIPAA Privacy and Breach Notification Rules.”
Kentucky AG Sues Temu for “Stealing Kentuckians’ Data”
Following in the footsteps of almost two dozen attorneys general in other states, Kentucky Attorney General Russell Coleman filed a lawsuit on July 17, 2025, against Chinese online shopping platform Temu, alleging that it unlawfully collects Kentuckians’ data, violates their privacy, and counterfeits “some of Kentucky’s most iconic brands.”
The complaint alleges that Temu:…
Privacy Tip #452 – Temu + TikTok—Assess Risk Before Downloading
We have repeatedly warned our readers about the risks associated with TikTok. We are reminding our readers that the popular Temu app raises the same concerns.
The risks have prompted almost two dozen attorneys general to file lawsuits against Temu, alleging that it is “dangerous malware” that secretly monetizes user data in an unauthorized manner.…
AI Powered Bot Targeted 400,000 Websites
SentinelOne researchers have discovered AkiraBot, which is used to target small- to medium-sized company websites with generative AI-drafted outreach messages for website chats, comments, and contact forms. SentinelOne estimates that over 400,000 websites have been targeted, and the bot has successfully spammed “at least 80,000 websites since September 2024.”
The bot generated…
Privacy Tip #439 – Government Officials’ Venmo Accounts Publicly Accessible
Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit the information from being publicly accessible. This means that they “left not only their contact lists publicly visible but also their transactions, which…
EdTech and Privacy of Student Information: A Case Study
On March 27, 2025, a class action lawsuit was filed against the education technology (EdTech) company Instructure, the parent company of Canvas, a popular learning management system. The complaint alleges that Instructure violated children’s federal and state privacy rights. According to the complaint, Instructure states that it collects various account information about children, including name…