California AI Legislation Narrowed in Scope Ahead of September Deadline

Governor Gavin Newsom of California faces the task of reviewing numerous bills before the September 30 deadline, including key AI governance legislation. Assembly Bill 2930, initially covering various sectors, is now limited to automated employment decisions, excluding government entities and reducing enforcement authority. Senate Bill 1047 focuses on foundation models and safety concerns. Other bills address generative AI transparency and watermarking. The final status of these bills will be determined by the end of September. Read more

New Hampshire Establishes Data Privacy Unit Ahead of 2025 Law Implementation

New Hampshire has announced the formation of a Data Privacy Unit within its Consumer Protection and Antitrust Bureau to enforce the state's Data Privacy Act, effective January 1, 2025. The unit will seek civil penalties for non-compliance and will release FAQs to help businesses and consumers understand their obligations and rights under the law. The Attorney General’s office is currently accepting applications for positions within the unit. This move may inspire similar actions in other states as privacy laws continue to evolve. Read more

Uber Fined €290 Million for GDPR Violation by Dutch Authority

The Dutch Data Protection Authority has fined Uber €290 million ($347 million USD) for violating the GDPR by improperly transferring European drivers' personal data to the U.S. This significant penalty highlights the gravity of the breach, which exposed sensitive driver information, including account and location data. Uber plans to challenge the decision, arguing it complied with GDPR requirements amidst regulatory uncertainties. The case underscores the EU’s strict enforcement of data protection laws and serves as a warning to companies about the severe consequences of non-compliance. Read more

DICK'S Sporting Goods Discloses Cyberattack, Exposing Confidential Information

DICK'S Sporting Goods reported a cyberattack to the U.S. Securities and Exchange Commission on August 28, revealing unauthorized access to confidential information on August 21. While the nature of the exposed data remains unclear, the company implemented containment measures, including restricting employee access and engaging external cybersecurity experts. The company has communicated internally about the incident but has not yet publicly detailed the breach or its impact on customers. The investigation is ongoing, with involvement from federal law enforcement agencies. Read more

TD Bank and Summit National Bank Disclose Data Breach Impacting Thousands of Customers

TD Bank and Summit National Bank reported data breaches that exposed the personal information of 10,953 customers. The breaches occurred between late 2023 and early 2024, with Summit National Bank discovering suspicious activity in May and TD Bank identifying an insider as the source of the breach in July. Leaked data includes names, Social Security numbers, and financial account details. The banks have alerted affected customers and allocated funds for penalties and anti-money laundering investigations. The incidents highlight growing concerns about the security of customer data within the U.S. banking sector. Read more