Congress Gears Up for AI Governance and Data Privacy Reforms

The 119th U.S. Congress has begun work under Republican control, focusing on AI governance and data privacy laws by state. Senate Commerce Committee Chair Ted Cruz advocates a "light-touch" approach to AI regulation to foster innovation, emphasizing concerns about overregulation akin to European models. Meanwhile, the House Energy and Commerce Committee, under Rep. Brett Guthrie, is resetting its approach to privacy legislation, starting with protections for children and teens. Comprehensive privacy reforms will require bipartisan effort and extended negotiations. New committee members, such as Rep. Alexandria Ocasio-Cortez, bring diverse perspectives, especially on data transparency and social media. Leadership shifts signal significant changes in federal tech policy discussions. Read more

Texas Sues Allstate Over Alleged Driver Data Misuse

The state of Texas has filed a lawsuit against Allstate, alleging illegal tracking of drivers through mobile apps without their consent. The complaint claims Allstate's data analytics unit, Arity, collected data from apps like GasBuddy, Life360, and Routely, creating a database of driving behaviors for over 45 million Americans. Texas accuses Allstate of using the data to adjust premiums, deny coverage, and sell information to other insurers. The lawsuit also alleges Allstate obtained vehicle location data directly from manufacturers like Toyota, Lexus, and Jeep. Texas seeks restitution, fines, and the destruction of collected data, citing violations of Texas data privacy law. This  Allstate data breach lawsuit, highlights concerns about privacy violations in the insurance industry. Read more

PowerSchool Data Breach Impacts K-12 Schools Globally

A data breach targeting PowerSchool, a major K-12 software provider, occurred between December 19 and 28, affecting schools in the U.S. and other countries. Hackers accessed sensitive information, including names and addresses, using a remote support tool. PowerSchool, serving over 60 million students worldwide, is working with the FBI and CrowdStrike to investigate. Some schools reported data such as students' medical alerts and staff Social Security numbers were compromised. While PowerSchool claims the stolen data has been destroyed, schools expressed dissatisfaction with the company’s communication and handling of the breach. The breach underscores the importance of compliance with educational privacy laws and safeguarding educational data systems incorporated in modern tech solutions. Read more

Pennsylvania Reintroduces Consumer Data Privacy Act

State Representative Ed Nielson has reintroduced a bill to establish a Consumer Data Privacy Act in Pennsylvania, a state currently lacking comprehensive data privacy laws. Supported by bipartisan co-sponsors, the proposed legislation seeks to provide Pennsylvanians with rights to access, amend, and delete their data, along with greater transparency in online data usage. Previous iterations of the bill, despite bipartisan support, failed to progress in the state Senate. The bill draws parallels with laws in 20 other states and international frameworks like the EU's GDPR, emphasizing consumer control over personal information and protection against data misuse. Read more

US Soldier Arrested for BSNL Data Breach Linked to Cybercrime

U.S. soldier Cameron John Wagenius, arrested for cybercrime, is linked to the May 2024 data breach of Indian state-owned telecom BSNL. Operating as ‘Kiberphant0m’ on the darknet, Wagenius allegedly stole sensitive data, including IMSI numbers and authentication keys, and sold it for $5,000. The breach affected 278 GB of BSNL data, involving SIM details and server snapshots. While Indian authorities were aware of ‘Kiberphant0m,’ attribution proved difficult. BSNL has not filed an FIR, limiting international cooperation. Wagenius is also tied to broader cybercrime networks targeting telecom and cloud service data globally. Read more