Honda agreed to pay $632,500 and change various privacy practices as part of a settlement with the California Privacy Protection Agency announced Wednesday. The CPPA board decided Friday to approve a settlement resolving the privacy agency's claims that the car manufacturer’s North American subsidiary violated the California Consumer Privacy Act (CCPA). The significant order shows the agency ramping up enforcement of the CPPA, said privacy attorneys.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.

Vermont lawmakers weighed the need for a bill protecting the sensitive information of certain public servants at a House Judiciary Committee hearing Tuesday. Some questioned if the bill (H-342) is necessary, while others asked whether it would lead to excessive lawsuits.

Legislation that would allow individuals to sue tech platforms for hosting child sexual abuse material (CSAM) increases privacy protections for victims, Senate Judiciary Committee ranking member Dick Durbin, D-Ill., said Tuesday.

Vermont Attorney General Charity Clark (D) pressed her case for including a private right of action (PRA) in a proposed comprehensive state privacy law (S-71) at a Senate Institutions Committee hearing livestreamed Tuesday. However, a Republican committee member and the Vermont Chamber of Commerce pushed back against allowing individuals to sue. The Chamber witnesses urged lawmakers to instead pass a rival bill (S-93) to more closely align Vermont with privacy laws in other New England states.

New York Attorney General Letitia James (D) on Monday announced a lawsuit against Allstate and its subsidiary National General for not protecting personal information from cyberattacks, and violating the state’s breach notification law. While James noted that the insurance companies' internal cyber defenses were inadequate, she said the broader cause was their choice of prioritizing profit over safety.

DOJ’s new data transfer rule fundamentally changes how American companies should assess global data compliance, particularly concerning Chinese-related business, attorneys said in interviews.

Several people spoke out about how the California Privacy Protection Agency's draft rule changes to the data broker registration regime (see 2503050020) will affect small businesses, during the CPPA’s public meeting Friday. Ahead of the meeting, the agency released draft rule changes that support the state’s upcoming data-deletion mechanism (see 2502270066).

The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.

Lead sponsors of the Kids Online Safety Act (KOSA) haven't had substantive discussions about reintroducing the bill in the House, Rep. Kathy Castor, D-Fla., told us in a recent interview.