Marriott Faces New Data Minimization and Deletion Requirements in FTC Settlement

Marriott's draft settlement with the U.S. Federal Trade Commission introduces new data minimization and deletion requirements. The company must limit personal data collection and retention to the minimum necessary for legitimate business needs. Marriott is also required to honor data deletion requests from U.S. consumers within 60 days. Additionally, the multistate settlement with 50 state attorneys general aligns with FTC's focus on enforcing stricter data handling policies. These settlements reflect an ongoing regulatory shift toward more explicit data minimization practices. Read more

Cisco Investigates Data Breach Allegedly Impacting Major Corporations

Cisco is investigating claims that threat actor IntelBroker accessed and stole sensitive data, including source code, credentials, and confidential documents. The breach reportedly affects Cisco’s DevHub environment, but the company asserts that its internal systems remain uncompromised. IntelBroker claims that hundreds of major corporations, such as AT&T, Microsoft, and Verizon are impacted. Cisco has disabled public access to the affected systems and is working with law enforcement to assess the extent of the breach. The stolen data is being sold for an unspecified amount in Monero cryptocurrency. Read more

Bipartisan Data Privacy Laws Gain Momentum Across U.S. States

Since 2021, 19 U.S. states, including both Democratic and Republican-led states, have enacted comprehensive privacy laws. These laws provide consumers with data access, deletion, and opt-out rights and require businesses to follow data minimization practices. Several states have also introduced universal opt-out mechanisms and data protection impact assessments. These measures align with the U.S. Federal Trade Commission's recommendations on limiting sensitive data collection and improving consumer transparency. While federal legislation is still pending, state-level laws are currently driving data privacy protections. Read more

U.S. Consumer Finance Regulator Unveils Open Banking Rule to Boost Competition

The Consumer Financial Protection Bureau (CFPB) introduced new rules aimed at making it easier for consumers to switch financial service providers by enabling seamless data transfers between banks and fintech firms. This "open banking" rule will allow consumers to move their personal data at no cost, fostering competition. Banks have criticized the rule, citing data security concerns, while fintech firms have praised it for enhancing data portability. Republican lawmakers support codifying the rule, while two banking groups have filed a lawsuit to halt its implementation. Read more

23andMe Faces Financial Crisis, Leadership Shakeup, and Data Privacy Concerns

Genetic testing company 23andMe is in financial turmoil, with its stock plummeting to 29 cents and all board members except CEO Anne Wojcicki resigning. Wojcicki's plans to privatize the company raise concerns over future data handling. In October 2023, a data breach exposed 5.5 million customers' genetic data, heightening privacy risks. Users are urged to safeguard their data, considering the risks of the company’s sale or bankruptcy. Steps to delete data involve logging in, downloading raw data if needed, and permanently deleting information. However, some data may be retained due to legal obligations. Read more