Data Privacy Alert: What Happens When a Password Vault Is Breached?
Learn about the data breaches at password vault company LastPass that potentially compromised millions of user passwords and accounts. Overview Download the full alert here! This data breach incident began in August 2022, when a criminal gained access to the company’s development environment and stole source code and technical information that allowed it to target an employee. The hacker eventually gained access to credentials and keys, which allowed them to gain access to LastPass’s third-party cloud storage service in November 2022, gaining access to customer information. These incidents are not the... Read More
The Federal Trade Commission has continued its campaign of stepped-up privacy enforcement with a $520 million settlement with Epic Games, the maker of popular online game Fortnite, over violations of children’s privacy and its use of dark patterns to charge consumers extra fees. Overview On December 19, 2022, the FTC announced in a press release that it had reached an agreement with Epic Games on a $520 million settlement for alleged privacy violations. While Fortnite is free to download and play, users often pay for in-game items including costumes (known as... 
Why This Announcement Is Important In November 2022, Google agreed to a record-setting $391.5 million settlement with a 40-state coalition of attorneys general over charges that it misled consumers by continuing to collect their location data when the users thought that they had turned them off. Overview On November 14, 2022, Maryland Attorney General Brian Frosh announced that, acting in concert with 39 other state attorneys general, he had reached a $391.5 million settlement with Google over its location tracking practices. Google had violated state consumer protection laws by misleading users... 
Signed into law on March 2, 2021, the Virginia Consumer Data Protection Act (VCDPA) was the second comprehensive state privacy law, following California, but the first to be initiated by the state legislature. It goes into effect on January 1, 2023, the first of four state privacy laws to begin enforcement this year. Overview While the VCDPA draws substantially from its predecessors in California, that state’s legislature enacted the CCPA to preempt a ballot initiative in 2018, while the CPRA was passed as a ballot initiative by California voters. Companies doing... 
As we prepare for CPRA to go into effect on January 1, 2023, we thought it would be a good idea to look back at a really informative webcast we held earlier this year, Top Reasons Why Your CPRA Compliance Strategy Is Broken, to help you diagnose any issues you might have and set to work on remedying them before your organization ends up like Sephora, making a seven- or eight-figure settlement with the California AG. Featuring Amalia Barthel, co-founder of Managed Privacy Canada, and Peter Stockburger of Dentons, discussing what’s coming... 
The FTC is taking a much more aggressive approach toward enforcing privacy regulations of all sorts, including obtaining and managing consumer consent. Its November proposed court order against Vonage, an internet phone service provider, takes aim at deceptive dark patterns, negative-option consent, and undisclosed fees. Overview On November 3, 2022, the Federal Trade Commission released its proposed court order against Vonage, a Voice-over-Internet-Protocol (VoIP) phone service, to stop the company from imposing junk fees and creating obstacles to consumers and businesses who wish to cancel their service. The order alleges that...