On November 15, 2022, the Federal Trade Commission announced a six-month extension for companies to comply with certain updated requirements of the Gramm-Leach-Bliley Act’s Safeguards Rule, a set of data security provisions covered financial institutions must implement to protect their customers’ personal information.
Continue Reading FTC Announces Six-Month Extension for Compliance with Some Changes to Gramm-Leach-Bliley Safeguards Rule

On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices.
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

On October 24, 2022, the Federal Trade Commission announced a proposed consent order with Drizly, an online alcohol ordering and delivery service, and the company’s CEO, for the company’s alleged failure to maintain appropriate security safeguards that led to a data breach that affected 2.5 million consumers’ personal information.
Continue Reading FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers

On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach

On October 17, 2022, the California Privacy Protection Agency released modified proposed regulations for compliance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 along with an explanation of the modifications as materials for upcoming CPPA Board Meetings.
Continue Reading CPPA Releases Modified Proposed CPRA Regulations

On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.
Continue Reading FTC Extends Deadline for Comments on Commercial Surveillance and Data Security Advanced Notice of Proposed Rulemaking