The Office of the Attorney General for the District of Columbia introduced the Consumer Health Information Privacy Protection Act of 2024, a bill aiming to tighten privacy requirements for businesses that fall outside the U.S. Health Insurance Portability and Accountability Act.
AT&T allegedly paid a member of the hacking group ShinyHunters more than USD300,000 to delete a trove of customer data affecting a majority of the telecommunication company's users, Wired reports. The hack took place in April but was made public after AT&T reported it in a U.S. Securities and Exchange Commission filing.Full story
The Record reports retailer Advance Auto Parts said personally identifiable information of more than 2.3 million people was leaked in a recent data breach. It is one of several breaches connected to a May attack against data storage company Snowflake.Full story
Mexico's National Institute of Transparency, Access to Information and Protection of Personal Data announced it will investigate the recent Ticketmaster data breach. The INAI noted customers are granted certain protections under the Federal Law on Protection of Personal Data Held by the Individuals.Full story
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy and artificial intelligence governance developments in the nation's capital and around the U.S. This week, he offers his perspective on the U.S. Federal Trade Commission's latest action to ban an anonymous messaging app following alleged deceptive and harmful acts against teens.Full story
The EU Artificial Intelligence Act was officially published in the Official Journal of the European Union.
The EU Artificial Intelligence Act was published in the Official Journal of the EU 12 July. The act will enter into force 1 Aug. and sets the timetable for a phased approach to its implementation and enforcement. This IAPP resource lays out some of the most important dates and milestones for the future implementation of the law.
The long-awaited finalization of India's Digital Personal Data Protection Act regulations will pave the way for the recognition of consent managers, a single point of contact which will help companies fulfill obligations around a data subject's consent options for personal data processing. Internet Law & Policy Foundry Senior Fellow Raktima Roy provides an overview of the mandated consent platforms, including their obligations and oversight. Editor's note: This is the seventh in a 10-part series on the operational impacts of India's DPDPA.
The EU-U.S. Data Privacy Framework is set for its first annual review to verify whether its new mechanisms and safeguards have been fully implemented and are functioning effectively in practice. IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, discusses how the process will bring together leaders to review several aspects, including the newly established Data Protection Review Court and its ability to function as an independent and impartial redress mechanism.Full story
AT&T indicated nearly all of its customers were exposed to a data breach and has taken steps to block further access, The New York Times reports. The majority of the data included records of calls and texts between May 2022 and October 2022, which the company said was downloaded to a third-party platform. The company said the stolen data did not include the content of the affected calls and texts.Full story