IT Security & Privacy

Eight major auto insurance companies have agreed to pay more than $19 million in penalties to New York State following a sweeping cybersecurity investigation by the Department of Financial Services (DFS). The enforcement action, announced Tuesday by Superintendent Adrienne A. Harris, revealed failures in data security controls that exposed the personal information of New Yorkers through online insurance quoting systems.

Australia’s privacy regulator has reminded social media companies that privacy must remain front and center as new age restrictions come into force later this year. The Office of the Australian Information Commissioner (OAIC) on Friday published regulatory guidance for age-restricted social media platforms and age assurance providers under the forthcoming Social Media Minimum Age (SMMA) scheme, which begins on December 10.

Australia just crossed a major privacy enforcement milestone. The Federal Court has ordered Australian Clinical Labs (ACL) to pay $3.8 million (AUD $5.8 million) in penalties after a cyberattack on its Medlab Pathology business exposed the personal information of more than 223,000 individuals.

The European Data Protection Board (EDPB) and the European Commission have issued their first-ever joint guidelines, clarifying how the Digital Markets Act (DMA) interacts with the General Data Protection Regulation (GDPR). The document aims to provide legal certainty and consistency for companies subject to both frameworks, particularly large online platforms designated as “gatekeepers.”

California Governor Gavin Newsom has signed into law the California Opt Me Out Act (AB 566), authored by Assemblymember Lowenthal and sponsored by the California Privacy Protection Agency (CPPA). The law cements California’s leadership in digital privacy by requiring all browsers operating in the state to include a built-in, one-click mechanism for users to opt out of data sales and sharing online.

California’s privacy watchdog has handed down its biggest penalty yet, hitting Tractor Supply Company with a $1.35 million fine and ordering sweeping reforms to its privacy practices after finding the retailer mishandled the data rights of consumers and job applicants.

Ireland’s Digital Regulators Group (DRG) has launched a Short Guide to Digital Regulation, a resource designed to help the public and businesses navigate the country’s complex web of digital oversight.