News Alerts and Breach Report for Week of June 5, 2023
Colorado and Connecticut’s Privacy Laws Take Effect July 1
In less than a month, on July 1, 2023, the Colorado Privacy Act and the Connecticut Personal Data Privacy and Online Monitoring Act will become enforceable. Read our compliance manuals here and here.
Florida Passes Privacy Bill
Florida Governor Ron Desantis signed a privacy bill into law this week. The SB 262 will provide Floridians basic privacy rights guaranteed by other bills in states like California and Virginia, including the right to know how companies use their personal data, and the right to restrict that usage, correct the data, and delete it. But it also goes a step further, per Bloomberg: “Florida’s take on consumer data privacy also tackles issues that state Republicans have raised with tech platforms, like the alleged censorship of conservative views online.The law requires search engines to disclose whether political ideology influences search results and it bans government-mandated content moderation on social media.”
Texas Passes Data Privacy Law
Texas Governor Greg Abbott could sign a data privacy bill into law this week for Texas. The Texas Data Privacy and Security Act (TDPSA) was passed by the Texas legislature last week, and covers any personal data that can be reasonably linked to an individual. The law applies to entities conducting business in Texas, and those selling products or services to Texas residents. It does not have a revenue threshold, but provides an exemption to businesses considered to be a “small business” by the U.S. Small Business Administration, as well as an exemption for businesses covered by HIPAA, nonprofits, government entities, GLBA-covered entities, and higher education institutions.. There is no private right of action—the attorney general has exclusive enforcement power. Read more here.
FTC Settles With Amazon
Last week, Amazon agreed to pay about $30 million to settle suits brought by the Federal Trade Commission (FTC) over Amazon’s Ring security system and Alexa studio assistant. The suits noted that the Ring system gave employees too much access to consumer data and was too vulnerable to hackers, while Alexa devices retained childrens’ information for too long. Though it agreed to the settlement, Amazon has not admitted to wrongdoing.
Senators Tell Twitter to Shape Up
According to ABC News, four Democratic senators last week sent an open letter to Twitter, its owner, Elon Musk, and its incoming CEO Linda Yaccarino, warning the social media giant to fix data security threats brought on by “Mass layoffs, lax internal privacy reviews and the hasty revamp of the platform’s subscription service [that may] have undermined the company’s commitment to data protection.” The letter follows last week’s hasty departure of two top data privacy executives—head of trust and safety Ella Irwin and head of brand safety and ad quality A.J. Brown.
BREACH REPORT:
Zellis (and BBC, British Airways, Boots)
* * * * * * *
To read our latest article and explainer on Washington’s My Health My Data Act, click here.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
92 | Interview With Tom Kemp, Silicon Valley Privacy Advocate and Author of Containing Big Tech
91 | Managed Detection & Response; The Path Forward (with Guest Sam DeNormandie)
90 | AdTech Meets Privacy Laws (with Guest Susan Israel)
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.