New York Attorney General Letitia James (D) on Monday announced a lawsuit against Allstate and its subsidiary National General for not protecting personal information from cyberattacks, and violating the state’s breach notification law. While James noted that the insurance companies' internal cyber defenses were inadequate, she said the broader cause was their choice of prioritizing profit over safety.

DOJ’s new data transfer rule fundamentally changes how American companies should assess global data compliance, particularly concerning Chinese-related business, attorneys said in interviews.

Several people spoke out about how the California Privacy Protection Agency's draft rule changes to the data broker registration regime (see 2503050020) will affect small businesses, during the CPPA’s public meeting Friday. Ahead of the meeting, the agency released draft rule changes that support the state’s upcoming data-deletion mechanism (see 2502270066).

The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.

Lead sponsors of the Kids Online Safety Act (KOSA) haven't had substantive discussions about reintroducing the bill in the House, Rep. Kathy Castor, D-Fla., told us in a recent interview.

Expect the Trump administration’s FTC to take a less aggressive approach to privacy enforcement than the prior administration, a former FTC enforcer said at a BBB National Programs webinar Thursday. Meanwhile, Texas Attorney General Ken Paxton (R) has focused on enforcement claims related to geolocation data, said Tyler Bridegan, who heads that state’s privacy enforcement unit.

Several groups said in amicus briefs they support Snap and Meta in arguing to the California Supreme Court that the social media platforms shouldn't be required to turn over posts and other communications made on the apps as evidence in a California murder case. Doing so would significantly decrease the power of the 1986 Stored Communications Act (SCA), they argued in briefs obtained by Privacy Daily.

State fervor for child online safety bills continued apace this week. Wyoming and Utah approved age-verification measures, while several states advanced bills or introduced them. Kids privacy and online safety have been a major focus for state legislatures this year (see 2502250017 and 2501170053). Accordingly, Privacy Daily is tracking more than 100 of these bills across the country (see map).

Maryland lawmakers will narrow definitions in a data broker tax proposal so the bill targets hundreds, not thousands, of businesses, Sen. Katie Hester (D) said Wednesday (see 2502250042).

Stick with the New Hampshire privacy law that took effect Jan. 1, industry lobbyists urged during a state House Judiciary Committee hearing Wednesday. The committee heard testimony on HB-195, which sponsor Rep. Bob Lynn (R) described as a supplement to the comprehensive New Hampshire Data Privacy Act (NHDPA). It’s “a very reasonable bill" that had bipartisan support last year, he said.