Three companies that distribute eufy home security video cameras paid $450,000 after failing to secure consumers’ private home videos, New York Attorney General Letitia James (D) announced on Tuesday.

PayPal must pay a $2 million penalty to New York for violating elements of the state's Department of Financial Service’s Cybersecurity Regulation, announced the department's Superintendent Adrienne Harris on Thursday. An investigation found that the financial technology company employed unqualified personnel to manage key cybersecurity functions. In addition, it didn't provide proper training in addressing cybersecurity risks, prompting sensitive customer information to be accessible to cybercriminals, the department said.

State privacy enforcers will “take up the baton for any lag in federal action” this year, Smith Anderson lawyers blogged this week. “Businesses, even in states without comprehensive privacy laws, face increased compliance risks.”

State privacy officials in Delaware and New Hampshire aren’t intentionally looking to catch businesses breaking rules, they told an International Association of Privacy Professionals webinar Wednesday. Both states’ privacy laws took effect Jan. 1 (see 2501060066).

New Hampshire Attorney General John Formella (R) posted an FAQ on complying with the state's privacy law that took effect Jan. 1 (see 2501060066). In August, Formella set up a data privacy unit to enforce compliance.

State privacy laws offer Californians broad AI protection, said Attorney General Rob Bonta (D) in legal guidance released Monday.

Businesses should write broad biometric compliance strategies in response to Colorado Privacy Act (CPA) regulations adopted last month by the state attorney general office, BCLP lawyers Goli Mahdavi and Andrea Rastelli blogged Thursday.

The New Jersey Division on Civil Rights (DCR) has launched an initiative aimed at addressing the risk of bias and discrimination from the use of AI and other emerging technologies, Attorney General Matthew Platkin (D) announced Thursday.

T-Mobile didn’t expect Washington state’s data breach lawsuit Monday, the carrier said in a statement. In a complaint at the state’s King County Superior Court, Attorney General Bob Ferguson (D) alleged that T-Mobile knew for years about cybersecurity vulnerabilities that led to a 2021 data breach (see 2501060046). A T-Mobile spokesperson acknowledged, “We have had multiple conversations about this incident from 2021 with the Washington AG's office over the last several years and even reached out in late November to continue discussions." As such, "The office’s decision to file a lawsuit … came as a surprise,” the spokesperson added. “While we disagree with their approach and the filing’s claims, we are open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC.” T-Mobile “fundamentally transformed” its cybersecurity approach during the last four years, the spokesperson said.

TikTok was aware its age restrictions were ineffective and thousands of minors were able to access its Live feed product, an internal investigation for the social media company showed, according to the Utah attorney general's office. The office on Friday announced the release of details that were previously redacted in its complaint filed in June against TikTok.