On August 19, Massachusetts Attorney General Andrea Joy Campbell announced a $795,000 settlement with a property management company for alleged violations of the Massachusetts Consumer Protection Act, and the Massachusetts Data Security Law and Data Security Regulations. The AG alleged that the company failed to maintain reasonable data security practices and delayed required notifications to... Continue Reading|
On July 24, the California Privacy Protection Agency (CPPA) approved a major rule package covering automated decision-making technology (ADMT), mandatory cybersecurity audits, and privacy risk assessments under the California Consumer Privacy Act (CCPA). The package narrows the definition of ADMT to tools that replace human decision making for significant decisions in areas like lending, housing, employment,... Continue Reading|
On August 21, the Consumer Financial Protection Bureau published an advance notice of proposed rulemaking (ANPR) in the Federal Register to reconsider its Personal Financial Data Rights Rule under Section 1033 of the Dodd-Frank Act. The Bureau stated that it is reopening the rule in light of policy changes under new leadership and a court-ordered... Continue Reading|