U.S. organizations have long focused on federal requirements governing international data transfers. But a growing wave of state enforcement—particularly in Florida and Texas—signals that regulators are increasingly scrutinizing how companies move sensitive data outside the United States, especially when foreign adversaries may be involved. Recent developments suggest organizations should reassess their data flows, vendor relationships
minimization
The Hidden Legal Minefield: Compliance Concerns with AI Smart Glasses, Part 4: Data Security, Breach Notification, and Third-Party AI Processing Risks
The Hidden Risks of Information Disclosure: A Costly Lesson from Cornwall
By Joseph J. Lazzarotti on
When Royal Cornwall Hospital responded to a routine Freedom of Information request in 2023, they had no idea they were about to expose sensitive staff data to the public. The hospital recently apologized after discovering that a spreadsheet published on their website contained hidden sickness absence data for 8,100 current and former employees spanning three…
CPPA Issues First “Enforcement Advisory” for CCPA – Data Minimization
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle – data minimization. Much of the attention surrounding the CCPA seems to focus on website privacy policies, notices at collection, and consumer rights requests. With…