SHARE:  

OCTOBER 2024

DATA ROUNDUP

Artificial Intelligence (AI) is transforming industries, enhancing consumer experiences, and advancing societal goals. However, as AI’s influence rapidly grows, so do the complexities of managing its risks — particularly around cybersecurity and privacy rights.



To guide organizations in navigating this evolving landscape, the National Institute of Standards and Technology (NIST) released critical frameworks and profiles designed to help companies manage the opportunities and risks posed by AI.


Read the Blog

In a significant move to strengthen data protection, Malaysia passed the Personal Data Protection (Amendment) Bill on July 31, 2024. This landmark reform introduces substantial changes to the Personal Data Protection Act (PDPA) 2010, aligning Malaysia’s data privacy laws more closely with international standards.

Illinois became the second state, after Colorado, to pass a law to regulate the use of AI by employers. Companies will have time to get ready as the law does not become effective until January 1, 2026.

Read the Blog
Read the Blog

LEGISLATIVE & REGULATORY UPDATE

Brazil's New Regulation on International Data Transfers

IAPP

"Publication of the regulation comes amid discussions of creating a "sovereign cloud" as part of Brazil's Artificial Intelligence Plan, which aims to ensure government data is stored within national borders, avoiding reliance on foreign infrastructure."

Read Full Article

US FBI Disrupts Second Chinese Hacking Group, Director Says

Reuters

"U.S. law enforcement has disrupted a second major Chinese hacking group nicknamed "Flax Typhoon" and wrested thousands of compromised devices from its grasp, FBI Director Christopher Wray said on Wednesday."

Read Full Article

ENFORCEMENT ACTIONS

AT&T to Pay $13 Million FCC Settlement for 2023 Data Breach

The Record

"The investigation centered on a January 2023 incident where hackers infiltrated the cloud environment of an AT&T vendor and stole troves of customer information. The FCC was looking into whether AT&T did enough to stop the attack and more generally keep customer data safe."

Read Full Article

BREACH REPORT

Providence School Discloses Large Data Breach Causing Week-Long Outage

HIPAA TIMES

"The Providence Public School Board, which oversees 39 schools in Rhode Island, recently faced a data breach that disrupted the network and caused a week-long internet outage."

Read Full Article

23andMe Agrees to $30 Million Settlement Over Data Breach that Affected 6.9 Million Users

USA TODAY

"Ancestry and genetics-testing company 23andMe has agreed to pay a $30 million settlement after a class-action lawsuit was brought against the company for last year's data breach."

Read Full Article

Lehigh Valley Health Network Agrees to $65M Settlement over Ransomware Attack that Leaked Nude Photos

FIERCE Healthcare

"Approximately 135,000 of the health system’s patients and employees are included in the class, making the settlement what law firm Saltz Mongeluzzi Bendesky believes is “the largest of its kind, on a per-patient basis, in a healthcare data breach-ransomware case."

Read Full Article

FTC Sends Refunds to Consumers Harmed by CafePress’s Data Security Failures

Federal Trade Commission

"The Federal Trade Commission is sending payments totaling more than $370,000 to consumers who were harmed by the data security failures of online merchandise platform CafePress."

Read Full Article

Data Stolen in Ransomware Attack That Hit Seattle Airport

SecurityWeek

"The incident was disclosed on August 24, when the Port announced on X (formerly Twitter) that various services were down after critical systems were isolated in response to a cyberattack."

Read Full Article

PODCAST PORTAL

In this episode of PrivacyCafé, Richard and Jade dive into the background and significance of the Becerra case, which challenges the HHS guidance on the usage of tracking technologies by medical providers. Throughout the episode, they provide practical advice for hospitals on using tracking technologies responsibly, discuss the potential impact on ongoing and future class action lawsuits, and offer actionable tips for medical providers to ensure compliance with data privacy regulations.

Listen Now

MEET OUR TEAM

Richard Sheinis


Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.

Jade Davis


Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.

Joseph Stepina


Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.



Lea McBryde


Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.


Savannah Avera


Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.

Web      LinkedIn      Instagram      Facebook