On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices.
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

On October 24, 2022, the Federal Trade Commission announced a proposed consent order with Drizly, an online alcohol ordering and delivery service, and the company’s CEO, for the company’s alleged failure to maintain appropriate security safeguards that led to a data breach that affected 2.5 million consumers’ personal information.
Continue Reading FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers

On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach

On October 17, 2022, the California Privacy Protection Agency released modified proposed regulations for compliance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 along with an explanation of the modifications as materials for upcoming CPPA Board Meetings.
Continue Reading CPPA Releases Modified Proposed CPRA Regulations

On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.
Continue Reading FTC Extends Deadline for Comments on Commercial Surveillance and Data Security Advanced Notice of Proposed Rulemaking

On October 13, 2022, the Interactive Advertising Bureau released for public comment an updated version of its contractual framework and new U.S. State Signals specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.
Continue Reading IAB Releases for Public Comment Proposed Contractual Framework and U.S. State Signals Specifications for Compliance with Five States’ Privacy Laws

On October 21 and October 22, 2022, the California Privacy Protection Agency Board will hold public meetings to discuss and take possible action, including adoption or modification of proposed regulations, to “implement, interpret, and make specific” the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.
Continue Reading CPPA Board to Hold Meetings on Proposed CPRA Regulations on October 21 and 22