Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
Indonesia agreed to grant the U.S. "adequacy" for personal data transfers under a trade deal the White House announced Tuesday, but it's unclear when the decision will take effect, IAPP Global Privacy Policy Manager Luis Montezuma told us Wednesday.
With substantive data-protection provisions of the U.K. Data Use (and Access) Act 2025 (DUAA) beginning to apply near year's end, organizations should start monitoring new guidance from the Information Commissioner's Office (ICO), Robin Edwards, a member of the government's Department for Science, Innovation and Technology, said Wednesday during an IAPP webinar.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
The U.K. is providing adequate protection for personal data transferred from the EU, the European Commission said Tuesday, initiating the process to adopt a new adequacy decision.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Healthline apparently violated “the gossip test for sensitive data” when it shared with advertisers titles of articles that individual users were reading, which effectively suggested they had certain medical diagnoses, Cobun Zweifel-Keegan, IAPP managing director for Washington, D.C., posted on the privacy association’s website Friday.
Kayla Bushey has joined McNees Wallace and Nurick's privacy and data security team, where she will focus on privacy regulations, cybersecurity risks and AI governance, she announced in a LinkedIn post Wednesday. Previously, Bushey was a research fellow at IAPP and a legal intern at the FCC.
The U.S. Supreme Court decision that upheld Texas' law requiring age verification to access adult websites (see 2506270041) will have a ripple effect, prompting the creation of similar laws in states along with constitutional questions about how and where age verification can happen, said privacy experts in recent blog posts. Similarly, advocacy groups that disagreed with the high court's decision argued it may embolden other states to expand the definition of off-limits material, further challenging the First Amendment and ultimately letting politicians make content decisions (see 2507070037).
As laws and enforcement continue in the privacy and AI space, companies must pay attention to detail, panelists said during a webinar that vendor TrustArc hosted Tuesday.