FTC Leadership Shift Signals Changes in Data Privacy and AI Policies

President-elect Donald Trump has appointed Andrew Ferguson as FTC Chair and nominated Mark Meador to fill a commissioner vacancy, solidifying a Republican majority. Ferguson plans to reverse initiatives from Lina Khan’s tenure, focusing on curtailing FTC enforcement in privacy and AI regulation. Ferguson’s agenda includes limiting investigations into AI bias, advocating for innovation, and ending the FTC’s proposed rulemaking on commercial surveillance. Democratic commissioners have questioned this direction, emphasizing consumer protection. Senate confirmation for Meador is pending, with swift changes expected post-approval. Read more

ParkMobile Agrees to $32.8M Settlement Over 2021 Data Breach

ParkMobile will pay $32.8 million to settle claims related to a 2021 data breach affecting 21 million users. Leaked data included license plates, emails, phone numbers, and, in some cases, mailing addresses. The settlement includes $9 million for cash payments, $21 million for in-app credits, and $2.5 million for improved security measures. Eligible class members can submit claims by March 5, 2025, for up to $25 in compensation. The settlement does not admit wrongdoing by ParkMobile but addresses consumer concerns over data security failures. Read more

Massachusetts Hospital Breach Exposes Patient Data

Anna Jaques Hospital in Newburyport, Massachusetts, reported a data breach impacting up to 316,342 individuals. The exposed data varies by person and may include demographic, medical, health insurance, Social Security, driver’s license, and financial information. The breach, part of systems under Beth Israel Lahey Health, was discovered in December 2023. Notification was sent to affected individuals following an investigation. While there is no evidence of fraud, patients and employees are advised to monitor financial accounts and insurance statements for suspicious activity. The hospital is enhancing its cybersecurity measures to prevent future incidents. Read more

SAG-AFTRA Faces Lawsuit Over Health Plan Data Breach

SAG-AFTRA union members have filed a class-action lawsuit over a September data breach that compromised names, Social Security numbers, and medical information. The breach stemmed from an email phishing attack, and members claim the union delayed notifying those impacted until December. The lawsuit alleges negligence, invasion of privacy, and unjust enrichment, seeking at least $5 million in damages. It claims affected members face heightened risks of fraud and identity theft and overpaid for health plans despite inadequate security. The plaintiffs aim to represent all impacted union members. Read more