Data Privacy & Governance Hub

Key Takeaways OpenAI launched a Privacy Filter that identifies and redacts sensitive information before it ever touches the cloud. The Privacy Filter marks a shift in AI companies that are starting to address user privacy concerns by building security measures into the systems from the start. This tool does not

Key Takeaways The Texas Attorney General filed a lawsuit against Netflix for collecting and profiting from users’ data without their knowledge or consent. The petition claims that Netflix gathers large amounts of behavioral data on users and monetizes it by sharing it with advertisers and commercial data brokers. This case,

Key Takeaways Canvas, a popular learning management system, was targeted in a cyberattack by a group called ShinyHunters in late April. The group stole 3.65 TB of data from about 9,000 educational institutions that partner with Canvas and threatened to leak it unless the company paid a ransom. The parent

Key Takeaways The Supreme Court heard oral arguments on the constitutionality of geofence warrants, which require companies to turn over information from devices tracked in the vicinity of a crime during the period of interest. Geofence warrants currently operate without established constitutional standards or limitations on scope and duration. Hundreds

Key Takeaways The Cookeville Regional Medical Center experienced a ransomware attack that exposed the personal, financial, and medical information of more than 337,000 patients. The breach notification to affected individuals came nine months after the initial detection. Ransomware incidents targeting medical centers have become a popular extortion method, exposing […]

Key Takeaways House Republicans introduced the SECURE Act, which is the first comprehensive federal data privacy framework. This Act would preempt state laws and establish uniform national standards. The Act largely follows the models used by states but also includes heightened protections for minors and new national security requirements. Enforcement

Key Takeaways The Oklahoma Data Privacy Act grants residents new rights to access, correct, delete, and opt out of the sale of their personal data. Broad exemptions for nonprofits, financial institutions, and state agencies may limit the law’s effectiveness and leave gaps in consumer protection. Oklahoma law adds to a

Key Takeaways A lawsuit filed against Novartis alleges that the company used invisible tracking tools on its websites to collect and pass patients’ sensitive health information to third parties without their knowledge or consent. This case highlights a regulatory gap in the application of existing privacy law to digital data

Key Takeaways Unauthorized third parties accessed Booking.com customer data, including names, contact details, and reservation information, though financial information was reportedly not compromised. This stolen travel data enables criminals to impersonate hotels with specific reservation details, making extortion attempts far more convincing and effective. The company did not disclose how

Key Takeaways The Alabama Personal Data Protection Act (APDPA) grants residents the right to access, correct, delete, and obtain copies of their personal data. Unlike many other state frameworks, the APDPA does not require data protection impact assessments or universal opt-out preference signals and includes broader exemptions than other state

Key Takeaways California’s DROP program allows residents to submit a single request to delete their data from registered data brokers. The platform is state-run and free to use. More than 500 registered brokers are notified when a deletion request is submitted. The law applies only to brokers registered in California.

Key Takeaways Maine’s LD 1822 is one of the most comprehensive state-level data privacy bills in the country, introducing data minimization requirements, protections for sensitive data, and a ban on unnecessary biometric collection. The bill shifts the burden of data protection from consumers to companies and requires them to justify