Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
A recent spate of California Consumer Privacy Act (CCPA) enforcements has pushed consumer opt-outs to the fore, clarifying what regulators consider important, Cynthia Cole, an intellectual property lawyer at Baker McKenzie, said during a webinar Tuesday.
A group of stakeholders again maintained that the U.S. Department of Agriculture (USDA) acted illegally when it demanded that states submit Supplemental Nutrition Assistance Program (SNAP) recipient data, according to federal court documents submitted Friday in a suit that began May 22. Meanwhile, the USDA, also on Friday, asked the court to drop the suit, arguing it's done nothing wrong. The stakeholders demanded the suit should continue.
While there are state and federal protections for sensitive data, a comprehensive privacy framework at the federal level is needed to ensure all modes of data sharing are transparent, legal and regulated, panelists said Wednesday. They spoke during a Center for Democracy and Technology (CDT) webinar about the federal government’s recent attempts to access state data.
Businesses defending themselves against charges under the California Invasion of Privacy Act (CIPA) sometimes find that exclusions and limitations in their insurance policies for cyber or commercial general liability (CGL) leave them exposed, attorney Kathryn Rattigan said in a blog post Thursday. For CIPA claims, her key takeaway is "don’t assume your insurance will cover [a] privacy lawsuit," the Robinson+Cole lawyer added.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
PowerSchool "intends to vigorously defend itself" against the lawsuit that the Texas attorney general filed Wednesday, a spokesperson for the education software company told Privacy Daily in an email. AG Ken Paxton's (R) lawsuit charged that PowerSchool’s failure to protect the personal information of almost 900,000 Texas schoolchildren and educators in a data breach late last year was a violation of the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act (see 2509030059).
Maryland’s attorney general could make privacy rules despite lacking direct rulemaking authority from the Maryland Online Data Privacy Act (MODPA), WilmerHale’s Samuel Kane said Thursday during a webinar by Privado, a compliance vendor. That could tighten requirements under the state's comprehensive privacy law taking effect next month, the privacy attorney said. Meanwhile, MODPA is set to break ground for state privacy laws due to its unique data minimization provision, but companies can prepare now by more closely documenting how they use data, Kane said.
The federal government urged a court to reject a claim from a coalition of states that's seeking to block the collection of personally identifiable information (PII) about millions of Supplemental Nutrition Assistance Program (SNAP) recipients while litigation regarding the legality of the data demand is pending. The U.S. Department of Agriculture (USDA) made the request in a court document Tuesday, claiming the states' case is unlikely to succeed on its claims.
Software company PowerSchool’s failure to protect the personal information of almost 900,000 Texas schoolchildren and educators late last year was a violation of the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act, alleged Attorney General Ken Paxton (R) in a lawsuit Wednesday (see 2509030050). Texas joined Tennessee (see 2505120026) and a class-action in California (see 2501220057) in suing the company over the incident.