FCC Announces $15.75 Million Cybersecurity Settlement with T-Mobile

The Federal Communications Commission (FCC) reached a settlement with T-Mobile, addressing data breaches from 2021 to 2023 affecting millions of U.S. consumers. T-Mobile agreed to a $15.75 million civil penalty and committed to cybersecurity improvements, including zero trust architecture and multi-factor authentication. The company will invest $15.75 million in cybersecurity measures and report regularly to its board. The FCC sees the settlement as a model for the telecom industry. This action follows similar settlements with other major wireless carriers. Read more

CPPA Expands International Cooperation for Privacy Enforcement

The California Privacy Protection Agency (CPPA) is increasing international cooperation, joining bodies like the Global Privacy Enforcement Network and Asia Pacific Privacy Authorities. It also signed a cooperation declaration with France's CNIL for joint privacy research and information sharing. Unlike the European model, the U.S. lacks centralized data protection authorities, limiting cooperation. However, the CPPA's efforts may lead to aligned enforcement with global standards, aiding companies in managing cross-border privacy compliance. Read more

California Governor Vetoes Landmark AI Safety Bill

California Governor Gavin Newsom vetoed a proposed bill aimed at regulating large artificial intelligence (AI) models, citing concerns about stifling innovation. The bill, which faced strong opposition from tech companies and lawmakers, would have introduced mandatory safety protocols and whistleblower protections. Supporters argued it was necessary to prevent future risks posed by AI, while critics claimed it could harm the state’s tech industry. Newsom instead announced plans to collaborate with experts to develop AI guardrails. The veto is seen as a win for big tech companies in California. Read more

New AI Civil Rights Act Introduces Mandatory Audits and Broad Scope of AI Governance

The AI Civil Rights Act, introduced by U.S. Sens. Ed Markey and Mazie Hirono, mandates multiple assessments, including third-party audits for AI systems affecting "consequential actions." Developers must perform preliminary evaluations, while deployers need annual impact assessments. Independent audits are required if potential harms are identified. The Act also includes broader coverage of consequential actions and harms compared to other state legislation. Developers must annually review deployer assessments to ensure compliance. This legislation is intended to prompt discussions on comprehensive AI governance to mitigate bias and harmful impacts. Read more

USAA Faces Class-Action Lawsuit After April Data Breach Exposes Customer Information

A data breach at USAA in April exposed personal information of 32,275 customers, leading to a potential class-action lawsuit filed by Maurice Fitzpatrick. The breach, caused by a system error, leaked sensitive data, including Social Security and driver’s license numbers. Fitzpatrick claims his data appeared on the dark web and experienced fraudulent charges. He is suing for negligence and wants USAA to implement enhanced security measures. This is USAA's second breach in two years, following a similar incident in 2023 involving 19,000 customers' data. Read more