Viable Opt-out mechanisms published by Colorado’s Attorney General

Colorado Attorney General a list of potential universal opt-out mechanisms (UOOMs) under the state’s privacy act. The list currently has three mechanisms including Global Privacy Control, Opt-out Code, and Opt-out Machine. Public feedback would be considered in shortlisting the UOOMs and the Attorney General is expected to publish the final UOOMs list by January 1, 2024. The list would then be updated on a rolling basis. Read more

Subpoenas to social media companies for concerns over children’s online safety

Social media companies Discord, X, and Snap were called before the Senate Judiciary Committee on December 6 for failing to protect children from online sexual abuse. The committee would require the companies’ executive officers to testify about their efforts to stop the abuse. A statement from the committee read that the company officials will have a chance to explain their failure in protecting children. Read more

Morgan Stanley settles multistate lawsuit for failing to protect consumer data

Global financial services firm Morgan Stanley reaches a $6.5M settlement in a multistate lawsuit that alleged the company compromised consumer data. State attorney generals from Indiana, Connecticut, Florida, New York, New Jersey, and Vermont claimed that the company failed to decommission its systems and erase unencrypted data (private consumer information) in certain devices that were auctioned later. Read more

ICO’s third-party cookie warnings to UK’s most visited websites

The UK Information Commissioner warned the country’s top websites to comply with data protection law or face enforcement actions. The names of the companies receiving the warnings aren’t mentioned but the ICO expects amends within 30 days of receiving the warnings. Users weren’t given fair choices by some websites in personal advertisement tracking. A statement from ICO read that this move was a part of a broader work to ensure the online advertising industry upholds people’s rights. Read more

OCR announces HIPAA violations settlement with St. Joseph Medical Center

The Office for Civil Rights (OCR) announced settlement with St. Joseph Medical Center for violating HIPAA Privacy and Security Rules. As per OCR’s findings, the center disclosed its patients’ potential health information. The medical center agreed to pay $80,000 and implement a CAP (corrective action plan) to resolve potential HIPAA violations and secure protected health information. The action plan also includes training the center’s workforce on its policies and procedures to comply with HIPAA. Read more