Healthline must pay California $1.55 million under the largest proposed settlement yet under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. The settlement, which is pending final court approval, also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the AG's office said.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
AT&T's proposed $177 million settlement stemming from 2019 and 2024 data breaches shows that multifactor authentication isn't optional, cybersecurity expert Joe Vadakkan wrote last week. In the 2024 incident, hackers penetrated AT&T's Snowflake cloud system using credentials that didn't have MFA and made off with customers' call and text metadata, he said. "Weak credential protections" made the hack possible, he added. "Supply chain vigilance is critical," as the Snowflake breach came via "internal compromises." The settlement received preliminary approval in U.S. District Court earlier this month.
Former Facebook users whose personal data was collected as part of the Cambridge Analytica matter some 10 years ago may now register for restitution under an AU$50 million payment ($33 million based on today's exchange rates) program Meta agreed to with the Australian Office of the Information Commissioner (OAIC), the office announced Thursday.
The 7th U.S. Circuit Court of Appeals could soon issue a ruling on the retroactivity of a 2023 amendment to the Illinois Biometric Information Privacy Act (BIPA), which would provide significant clarity about pending BIPA cases, said blog posts by multiple law firms.
The FTC’s 2024 settlement with NGL Labs and 2023 agreement with Epic Games could serve as a blueprint for federal and state enforcers protecting teens from privacy and design-related harms, former Consumer Protection Bureau Director Samuel Levine told Privacy Daily in an interview Monday.
A federal court on Wednesday declined to block a Tennessee law requiring that social media companies verify the age of account holders and gain parental consent from users younger than 18 before they can open accounts.
The FTC’s unfairness authority can continue to be a useful enforcement tool in holding social media companies liable for harming teens, former FTC Chair Lina Khan wrote in a Stanford Law Review article with former Consumer Protection Bureau Director Samuel Levine and former Chief Technologist Stephanie Nguyen.
The actual cost to a company from a privacy enforcement action could be many times higher than the regulator's fine, Clarip CEO Andy Sambandam said in an interview. Privacy has become a quickly rising concern for companies amid a growing number of privacy laws and state enforcement actions, he told Privacy Daily.
State privacy investigators are in constant contact about potential enforcement action that goes beyond the recently launched bipartisan consortium (see 2504160037), privacy officials from California, Colorado and Texas said.